You can create a BOM Model from either a :py:mod:`cyclonedx.parser` instance or manually using the methods available directly on the :py:mod:`cyclonedx.model.bom.Bom` class.
Vulnerabilities are supported by the Model as of version 0.3.0.
Note: Known vulnerabilities associated with Components can be sourced from various data sources, but this library will not source them for you. Perhaps look at Jake if you're interested in this.
Note: Concrete parser implementations were moved out of this library and into CycloneDX Python as of version 1.0.0.

.. code-block:: python

    from cyclonedx.model.bom import Bom
    from cyclonedx_py.parser.environment import EnvironmentParser

    parser = EnvironmentParser()
    bom = Bom.from_parser(parser=parser)

Note: It is recommended that you have a good understanding of the CycloneDX Schema before attempting to create a BOM programmatically with this library.
For the most up-to-date in-depth examples, look at our Unit Tests.
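
To make the schema side of this concrete, the following added example (not code from this library or its authors, and not using its API) builds a minimal CycloneDX 1.4 JSON document with the standard library only: components keyed by package URL, plus vulnerabilities that the caller supplies, since nothing here looks them up. The function names `pypi_purl`, `build_bom` and `installed_packages`, the sample packages and the vulnerability id are all constructed for illustration.

```python
import json
from importlib import metadata


def pypi_purl(name, version):
    # Package URL rules for PyPI: lowercase the name, replace "_" with "-".
    return f"pkg:pypi/{name.lower().replace('_', '-')}@{version}"


def build_bom(packages, known_vulns=None):
    """Return a minimal CycloneDX 1.4 BOM as a dict.

    packages: iterable of (name, version) pairs.
    known_vulns: optional {purl: [vulnerability id, ...]} taken from the
    caller's own data source; this function performs no lookups.
    """
    unique = {}
    for name, version in packages:
        # Deduplicate on purl so every bom-ref in the document is unique.
        unique.setdefault(pypi_purl(name, version), (name, version))
    components, vulnerabilities = [], []
    for purl, (name, version) in sorted(unique.items()):
        components.append({"type": "library", "bom-ref": purl,
                           "name": name, "version": version, "purl": purl})
        for vuln_id in (known_vulns or {}).get(purl, []):
            # A vulnerability points at its component through the bom-ref.
            vulnerabilities.append({"id": vuln_id, "affects": [{"ref": purl}]})
    bom = {"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
           "components": components}
    if vulnerabilities:
        bom["vulnerabilities"] = vulnerabilities
    return bom


def installed_packages():
    """Yield (name, version) for each distribution in the current environment."""
    for dist in metadata.distributions():
        name = dist.metadata.get("Name") if dist.metadata else None
        if name:  # skip broken installs that carry no metadata
            yield name, dist.version


if __name__ == "__main__":
    # Constructed sample input; the vulnerability id is a placeholder.
    sample = [("Example_Pkg", "1.2.3"), ("requests", "2.0.0")]
    vulns = {"pkg:pypi/example-pkg@1.2.3": ["EXAMPLE-VULN-0001"]}
    print(json.dumps(build_bom(sample, vulns), indent=2))
    print(len(build_bom(installed_packages())["components"]), "installed components")
```
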