Merged
44 changes: 31 additions & 13 deletions cyclonedx/model/__init__.py
Expand Up @@ -48,6 +48,7 @@
SchemaVersion1Dot4,
SchemaVersion1Dot5,
SchemaVersion1Dot6,
SchemaVersion1Dot7,
)
from .bom_ref import BomRef

Expand All @@ -60,7 +61,7 @@ class DataFlow(str, Enum):
This is our internal representation of the dataFlowType simple type within the CycloneDX standard.

.. note::
See the CycloneDX Schema: https://cyclonedx.org/docs/1.6/xml/#type_dataFlowType
See the CycloneDX Schema: https://cyclonedx.org/docs/1.7/xml/#type_dataFlowType
"""
INBOUND = 'inbound'
OUTBOUND = 'outbound'
Expand All @@ -78,7 +79,7 @@ class DataClassification:

.. note::
See the CycloneDX Schema for dataClassificationType:
https://cyclonedx.org/docs/1.6/xml/#type_dataClassificationType
https://cyclonedx.org/docs/1.7/xml/#type_dataClassificationType
"""

def __init__(
Expand Down Expand Up @@ -157,7 +158,7 @@ class Encoding(str, Enum):
This is our internal representation of the encoding simple type within the CycloneDX standard.

.. note::
See the CycloneDX Schema: https://cyclonedx.org/docs/1.6/xml/#type_encoding
See the CycloneDX Schema: https://cyclonedx.org/docs/1.7/xml/#type_encoding
"""
BASE_64 = 'base64'

Expand All @@ -168,7 +169,7 @@ class AttachedText:
This is our internal representation of the `attachedTextType` complex type within the CycloneDX standard.

.. note::
See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/xml/#type_attachedTextType
See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.7/xml/#type_attachedTextType
"""

DEFAULT_CONTENT_TYPE = 'text/plain'
Expand Down Expand Up @@ -261,7 +262,7 @@ class HashAlgorithm(str, Enum):
This is our internal representation of the hashAlg simple type within the CycloneDX standard.

.. note::
See the CycloneDX Schema: https://cyclonedx.org/docs/1.6/xml/#type_hashAlg
See the CycloneDX Schema: https://cyclonedx.org/docs/1.7/xml/#type_hashAlg
"""
# see `_HashTypeRepositorySerializationHelper.__CASES` for view/case map
BLAKE2B_256 = 'BLAKE2b-256' # Only supported in >= 1.2
Expand All @@ -276,6 +277,8 @@ class HashAlgorithm(str, Enum):
SHA3_256 = 'SHA3-256'
SHA3_384 = 'SHA3-384' # Only supported in >= 1.2
SHA3_512 = 'SHA3-512'
STREEBOG_256 = 'Streebog-256' # Only supported in >= 1.7
STREEBOG_512 = 'Streebog-512' # Only supported in >= 1.7


class _HashTypeRepositorySerializationHelper(serializable.helpers.BaseHelper):
Expand Down Expand Up @@ -303,6 +306,10 @@ class _HashTypeRepositorySerializationHelper(serializable.helpers.BaseHelper):
__CASES[SchemaVersion1Dot4] = __CASES[SchemaVersion1Dot3]
__CASES[SchemaVersion1Dot5] = __CASES[SchemaVersion1Dot4]
__CASES[SchemaVersion1Dot6] = __CASES[SchemaVersion1Dot5]
__CASES[SchemaVersion1Dot7] = __CASES[SchemaVersion1Dot6] | {
HashAlgorithm.STREEBOG_256,
HashAlgorithm.STREEBOG_512,
}

@classmethod
def __prep(cls, hts: Iterable['HashType'], view: type[serializable.ViewType]) -> Generator['HashType', None, None]:
Expand Down Expand Up @@ -384,7 +391,7 @@ class HashType:
This is our internal representation of the hashType complex type within the CycloneDX standard.

.. note::
See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.6/xml/#type_hashType
See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.7/xml/#type_hashType
"""

@staticmethod
Expand Down Expand Up @@ -541,7 +548,7 @@ class ExternalReferenceType(str, Enum):
Enum object that defines the permissible 'types' for an External Reference according to the CycloneDX schema.

.. note::
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_externalReferenceType
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_externalReferenceType
"""
# see `_ExternalReferenceSerializationHelper.__CASES` for view/case map
ADVERSARY_MODEL = 'adversary-model' # Only supported in >= 1.5
Expand All @@ -552,6 +559,7 @@ class ExternalReferenceType(str, Enum):
BUILD_SYSTEM = 'build-system'
CERTIFICATION_REPORT = 'certification-report' # Only supported in >= 1.5
CHAT = 'chat'
CITATION = 'citation' # Only supported in >= 1.7
CODIFIED_INFRASTRUCTURE = 'codified-infrastructure' # Only supported in >= 1.5
COMPONENT_ANALYSIS_REPORT = 'component-analysis-report' # Only supported in >= 1.5
CONFIGURATION = 'configuration' # Only supported in >= 1.5
Expand All @@ -570,6 +578,9 @@ class ExternalReferenceType(str, Enum):
MAILING_LIST = 'mailing-list'
MATURITY_REPORT = 'maturity-report' # Only supported in >= 1.5
MODEL_CARD = 'model-card' # Only supported in >= 1.5
PATENT = 'patent' # Only supported in >= 1.7
PATENT_ASSERTION = 'patent-assertion' # Only supported in >= 1.7
PATENT_FAMILY = 'patent-family' # Only supported in >= 1.7
PENTEST_REPORT = 'pentest-report' # Only supported in >= 1.5
POAM = 'poam' # Only supported in >= 1.5
QUALITY_METRICS = 'quality-metrics' # Only supported in >= 1.5
Expand Down Expand Up @@ -648,6 +659,12 @@ class _ExternalReferenceSerializationHelper(serializable.helpers.BaseHelper):
ExternalReferenceType.DIGITAL_SIGNATURE,
ExternalReferenceType.RFC_9166,
}
__CASES[SchemaVersion1Dot7] = __CASES[SchemaVersion1Dot6] | {
ExternalReferenceType.CITATION,
ExternalReferenceType.PATENT,
ExternalReferenceType.PATENT_ASSERTION,
ExternalReferenceType.PATENT_FAMILY,
}

@classmethod
def __normalize(cls, extref: ExternalReferenceType, view: type[serializable.ViewType]) -> str:
Expand Down Expand Up @@ -809,7 +826,7 @@ class ExternalReference:
a CycloneDX BOM document.

.. note::
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_externalReference
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_externalReference
"""

def __init__(
Expand Down Expand Up @@ -877,6 +894,7 @@ def type(self, type: ExternalReferenceType) -> None:
@serializable.view(SchemaVersion1Dot4)
@serializable.view(SchemaVersion1Dot5)
@serializable.view(SchemaVersion1Dot6)
@serializable.view(SchemaVersion1Dot7)
@serializable.type_mapping(_HashTypeRepositorySerializationHelper)
def hashes(self) -> 'SortedSet[HashType]':
"""
Expand Down Expand Up @@ -921,7 +939,7 @@ class Property:
a CycloneDX BOM document.

.. note::
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_propertyType
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_propertyType

Specifies an individual property with a name and value.
"""
Expand Down Expand Up @@ -996,7 +1014,7 @@ class NoteText:
a CycloneDX BOM document.

.. note::
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_releaseNotesType
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_releaseNotesType
"""

DEFAULT_CONTENT_TYPE: str = 'text/plain'
Expand Down Expand Up @@ -1088,7 +1106,7 @@ class Note:
a CycloneDX BOM document.

.. note::
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.6/xml/#type_releaseNotesType
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_releaseNotesType

@todo: Replace ``NoteText`` with ``AttachedText``?
"""
Expand Down Expand Up @@ -1172,7 +1190,7 @@ class IdentifiableAction:
This is our internal representation of the `identifiableActionType` complex type.

.. note::
See the CycloneDX specification: https://cyclonedx.org/docs/1.6/xml/#type_identifiableActionType
See the CycloneDX specification: https://cyclonedx.org/docs/1.7/xml/#type_identifiableActionType
"""

def __init__(
Expand Down Expand Up @@ -1258,7 +1276,7 @@ class Copyright:
This is our internal representation of the `copyrightsType` complex type.

.. note::
See the CycloneDX specification: https://cyclonedx.org/docs/1.6/xml/#type_copyrightsType
See the CycloneDX specification: https://cyclonedx.org/docs/1.7/xml/#type_copyrightsType
"""

def __init__(
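Review bot: The version gate for the two new digest algorithms lives only in `__CASES[SchemaVersion1Dot7]`, and nothing in this section shows what happens to a `HashType` using `STREEBOG_256` or `STREEBOG_512` when the BOM is rendered for a 1.6 or older view. The body of `__prep` starts in the hunk but continues outside it; if it filters unsupported entries out, a component whose only digest is Streebog would presumably be written with no hash at all, dropping the integrity data a consumer relies on without any signal. A test that serializes such a component to a 1.6 view and pins the outcome would make the behaviour explicit, as would a comment above the new set such as `# not in any <= 1.6 case set: these algorithms cannot be represented in older views`. The `HashType` static constructors are also outside the visible hunks, so it is worth confirming whether they should recognise the new algorithm names. Separately, the `AttachedText` docstring line this commit touches still reads "for hashType" while linking to `attachedTextType`.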
18 changes: 16 additions & 2 deletions cyclonedx/model/bom.py
Expand Up @@ -37,6 +37,7 @@
SchemaVersion1Dot4,
SchemaVersion1Dot5,
SchemaVersion1Dot6,
SchemaVersion1Dot7,
)
from ..serialization import UrnUuidHelper
from . import _BOM_LINK_PREFIX, ExternalReference, Property
Expand All @@ -61,7 +62,7 @@ class BomMetaData:
This is our internal representation of the metadata complex type within the CycloneDX standard.

.. note::
See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.6/xml/#type_metadata
See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.7/xml/#type_metadata
"""

def __init__(
Expand Down Expand Up @@ -109,6 +110,7 @@ def timestamp(self, timestamp: datetime) -> None:
@property
@serializable.view(SchemaVersion1Dot5)
@serializable.view(SchemaVersion1Dot6)
@serializable.view(SchemaVersion1Dot7)
@serializable.type_mapping(_LifecycleRepositoryHelper)
@serializable.xml_sequence(2)
def lifecycles(self) -> LifecycleRepository:
Expand Down Expand Up @@ -193,6 +195,7 @@ def component(self, component: Optional[Component]) -> None:
@serializable.view(SchemaVersion1Dot4)
@serializable.view(SchemaVersion1Dot5)
@serializable.view(SchemaVersion1Dot6)
@serializable.view(SchemaVersion1Dot7)
@serializable.xml_sequence(6)
def manufacture(self) -> Optional[OrganizationalEntity]:
"""
Expand All @@ -218,6 +221,7 @@ def manufacture(self, manufacture: Optional[OrganizationalEntity]) -> None:

@property
@serializable.view(SchemaVersion1Dot6)
@serializable.view(SchemaVersion1Dot7)
@serializable.xml_sequence(7)
def manufacturer(self) -> Optional[OrganizationalEntity]:
"""
Expand Down Expand Up @@ -256,6 +260,7 @@ def supplier(self, supplier: Optional[OrganizationalEntity]) -> None:
@serializable.view(SchemaVersion1Dot4)
@serializable.view(SchemaVersion1Dot5)
@serializable.view(SchemaVersion1Dot6)
@serializable.view(SchemaVersion1Dot7)
@serializable.type_mapping(_LicenseRepositorySerializationHelper)
@serializable.xml_sequence(9)
def licenses(self) -> LicenseRepository:
Expand All @@ -276,6 +281,7 @@ def licenses(self, licenses: Iterable[License]) -> None:
@serializable.view(SchemaVersion1Dot4)
@serializable.view(SchemaVersion1Dot5)
@serializable.view(SchemaVersion1Dot6)
@serializable.view(SchemaVersion1Dot7)
@serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'property')
@serializable.xml_sequence(10)
def properties(self) -> 'SortedSet[Property]':
Expand Down Expand Up @@ -371,6 +377,7 @@ def __init__(
@serializable.view(SchemaVersion1Dot4)
@serializable.view(SchemaVersion1Dot5)
@serializable.view(SchemaVersion1Dot6)
@serializable.view(SchemaVersion1Dot7)
@serializable.xml_attribute()
def serial_number(self) -> UUID:
"""
Expand Down Expand Up @@ -401,6 +408,7 @@ def version(self, version: int) -> None:
@serializable.view(SchemaVersion1Dot4)
@serializable.view(SchemaVersion1Dot5)
@serializable.view(SchemaVersion1Dot6)
@serializable.view(SchemaVersion1Dot7)
@serializable.xml_sequence(10)
def metadata(self) -> BomMetaData:
"""
Expand All @@ -410,7 +418,7 @@ def metadata(self) -> BomMetaData:
Metadata object instance for this Bom.

.. note::
See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.6/xml/#type_metadata
See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.7/xml/#type_metadata
"""
return self._metadata

Expand Down Expand Up @@ -442,6 +450,7 @@ def components(self, components: Iterable[Component]) -> None:
@serializable.view(SchemaVersion1Dot4)
@serializable.view(SchemaVersion1Dot5)
@serializable.view(SchemaVersion1Dot6)
@serializable.view(SchemaVersion1Dot7)
@serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'service')
@serializable.xml_sequence(30)
def services(self) -> 'SortedSet[Service]':
Expand All @@ -464,6 +473,7 @@ def services(self, services: Iterable[Service]) -> None:
@serializable.view(SchemaVersion1Dot4)
@serializable.view(SchemaVersion1Dot5)
@serializable.view(SchemaVersion1Dot6)
@serializable.view(SchemaVersion1Dot7)
@serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'reference')
@serializable.xml_sequence(40)
def external_references(self) -> 'SortedSet[ExternalReference]':
Expand All @@ -485,6 +495,7 @@ def external_references(self, external_references: Iterable[ExternalReference])
@serializable.view(SchemaVersion1Dot4)
@serializable.view(SchemaVersion1Dot5)
@serializable.view(SchemaVersion1Dot6)
@serializable.view(SchemaVersion1Dot7)
@serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'dependency')
@serializable.xml_sequence(50)
def dependencies(self) -> 'SortedSet[Dependency]':
Expand Down Expand Up @@ -512,6 +523,7 @@ def dependencies(self, dependencies: Iterable[Dependency]) -> None:
# @serializable.view(SchemaVersion1Dot4) @todo: Update py-serializable to support view by OutputFormat filtering
@serializable.view(SchemaVersion1Dot5)
@serializable.view(SchemaVersion1Dot6)
@serializable.view(SchemaVersion1Dot7)
@serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'property')
@serializable.xml_sequence(70)
def properties(self) -> 'SortedSet[Property]':
Expand All @@ -534,6 +546,7 @@ def properties(self, properties: Iterable[Property]) -> None:
@serializable.view(SchemaVersion1Dot4)
@serializable.view(SchemaVersion1Dot5)
@serializable.view(SchemaVersion1Dot6)
@serializable.view(SchemaVersion1Dot7)
@serializable.xml_array(serializable.XmlArraySerializationType.NESTED, 'vulnerability')
@serializable.xml_sequence(80)
def vulnerabilities(self) -> 'SortedSet[Vulnerability]':
Expand Down Expand Up @@ -573,6 +586,7 @@ def vulnerabilities(self, vulnerabilities: Iterable[Vulnerability]) -> None:

@property
@serializable.view(SchemaVersion1Dot6)
@serializable.view(SchemaVersion1Dot7)
@serializable.xml_sequence(110)
def definitions(self) -> Optional[Definitions]:
"""
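Review bot: Each view-restricted property needs its own `@serializable.view(SchemaVersion1Dot7)` line, so a single missed decorator would presumably leave that field out of 1.7 output rather than raise an error, and nothing in this section guards against that. Every decorator stack visible in these hunks was extended, including `vulnerabilities`, `dependencies` and `definitions`, but the hunks show only part of the file. A test that serializes a fully populated `Bom` to the 1.7 view and checks that every field present in the 1.6 output is still emitted would catch an omission; whether the pull request already adds one is not visible on this page. A short comment next to one of the stacks, for example `# view-restricted properties must list every schema version they apply to`, would help at the next schema bump.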