Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.
from field: repeated cyclonedx.v1_5.Component ancestors = 1;
A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.
from field: repeated cyclonedx.v1_5.Commit commits = 4;
Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.
from field: repeated cyclonedx.v1_5.Component descendants = 2;
Optional
notesNotes, observations, and other non-structured commentary describing the components pedigree.
from field: optional string notes = 6;
A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.
from field: repeated cyclonedx.v1_5.Patch patches = 5;
Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.
from field: repeated cyclonedx.v1_5.Component variants = 3;
Static
Readonly
fieldsStatic
Readonly
runtimeStatic
Readonly
typeParse from binary data, merging fields.
Repeated fields are appended. Map entries are added, overwriting existing keys.
If a message field is already present, it will be merged with the new data.
Optional
options: Partial<BinaryReadOptions>Protected
toJSONOverride for serialization behavior. This will be invoked when calling JSON.stringify on this message (i.e. JSON.stringify(msg)).
Note that this will not serialize google.protobuf.Any with a packed message because the protobuf JSON format specifies that it needs to be unpacked, and this is only possible with a type registry to look up the message type. As a result, attempting to serialize a message with this type will throw an Error.
This method is protected because you should not need to invoke it directly -- instead use JSON.stringify or toJsonString for stringified JSON. Alternatively, if actual JSON is desired, you should use toJson.
Static
equalsStatic
fromStatic
fromStatic
from
Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.
Generated
from message cyclonedx.v1_5.Pedigree