Support for CycloneDX schema version 1.4 (#108)
Support for CycloneDX 1.4. This includes:
- Support for
toolshavingexternalReferences - Allowing
versionfor aComponentto be optional in 1.4 - Support for
releaseNotesperComponent - Support for the core schema implementation of Vulnerabilities (VEX)
$schemais now included in JSON BOMs- Concrete Parsers how now been moved into downstream projects to keep this libraries focus on modelling and outputting CycloneDX - see https://github.com/CycloneDX/cyclonedx-python
- Unit tests now include schema validation (we've left schema validation out of the core library due to dependency bloat)
- Ensure schema is adhered to in 1.0
- URIs are now used throughout the library through a new
XsUriclass to provide URI validation
- Documentation is now hosted on readthedocs.org (https://cyclonedx-python-library.readthedocs.io/)
- Added reference to release of this library on Anaconda
- Removed requirements-parser as dependency (temp) as not available for Python 3 as Wheel (#98) (
3677d9f)
- Further loosened dependency definitions (
8bef6ec)
- Loosed dependency versions to make this library more consumable (
55f10fb)
- Constructor for
Vulnerabilityto correctly defineratingsas optional (395a0ec)
- Typing & PEP 561 (
9144765)
- Correct way to write utf-8 encoded files (
49f9369)
- Add support for Conda (
bd29c78)
- Missing check for Classifiers in Environment Parser (
b7fa38e)
- Add support for parsing package licenses when using the
EnvironmentParsers (c414eaf)
- Coding standards violations (
00cd1ca) - Handle
Pipfile.lockdependencies without anindexspecified (26c62fb)
- Add namespace and subpath support to Component to complete PackageURL Spec support (
780adeb)
- Multiple hashes being created for an externalRefernce which is not as required (
970d192)
- Add support for
externalRefernecesforComponentsand associated enhancements to parsers to obtain information where possible/known (a152852)
- Support for pipenv.lock file parsing (
68a2dff)
- Added ability to add tools in addition to this library when generating CycloneDX + plus fixes relating to multiple BOM instances (
e03a25c)
- Better methods for checking if a Component is already represented in the BOM, and the ability to get the existing instance (
5fee85f)
- Helper method for representing a File as a Component taking into account versioning for files as per CycloneDX/cyclonedx.org#34 (
7e0fb3c) - Support for non-PyPi Components - PackageURL type is now definable when creating a Component (
fde79e0)
- Add support for tool(s) that generated the SBOM (
7d1e6ef)
- Bumped a dependency version (
efc1053)
- Improved handling for
requirements.txtcontent without pinned or declared versions (7f318cb)
- Support for localising vectors (i.e. stripping out any scheme prefix) (
b9e9e17) - Helper methods for deriving Severity and SourceType (
6a86ec2)
- Removed print call (
8806553) - Relaxed typing of parameter to be compatible with Python < 3.9 (
f9c7990) - Removed print call (
d272d2e) - Remove unused commented out code (
ba4f285)
- Adding support for extension schema that descriptions vulnerability disclosures (
d496695)
- Added helper method to return a PackageURL object representing a Component (
367bef1)
- Whitespace on empty line removed (
cfc952e)
- Add poetry support (
f3ac42f)
- test: Test was not updated for revised author statement (
d1c9d37) - build: Test failure and dependency missing (
9a2cfe9) - build: Removed artefacts associtated with non-poetry build (
f9119d4)
- Add in pypi badge (
6098c36)
- Additional info to poetry, remove circleci (
2fcfa5a)
- Initial release to pypi, tell poetry to include cyclonedx package (
a030177)
- Release with full name (
4c620ed)
- Initial release to pypi (
99687db)