Optional authorDEPRECATED - DO NOT USE - This will be removed in a future version - Use .authors or .manufacturer instead. The person(s) or organization(s) that authored the component
from field: optional string author = 5 [deprecated = true];
The person(s) who created the component. Authors are common in components created through manual processes. Components created through automated means may have .manufacturer instead.
from field: repeated cyclonedx.v1_6.OrganizationalContact authors = 29;
Optional bomAn optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.
from field: optional string bom_ref = 3;
Specifies optional sub-components. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system -> subsystem -> parts assembly in physical supply chains.
from field: repeated cyclonedx.v1_6.Component components = 21;
Optional copyrightAn optional copyright notice informing users of the underlying claims to copyright ownership in a published work.
from field: optional string copyright = 14;
Optional cpeDEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe
from field: optional string cpe = 15;
Optional cryptoCryptographic assets have properties that uniquely define them and that make them actionable for further reasoning. As an example, it makes a difference if one knows the algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the algorithm primitive (authenticated encryption) is only defined by the definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference.
from field: optional cyclonedx.v1_6.CryptoProperties cryptoProperties = 27;
Optional dataThis object SHOULD be specified for any component of type data and MUST NOT be specified for other component types.
from field: optional cyclonedx.v1_6.ComponentData data = 26;
Optional descriptionSpecifies a description for the component
from field: optional string description = 10;
Optional evidenceSpecifies optional license and copyright evidence
from field: optional cyclonedx.v1_6.Evidence evidence = 23;
Provides the ability to document external references related to the component or to the project the component describes.
from field: repeated cyclonedx.v1_6.ExternalReference external_references = 20;
Optional groupThe grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.
from field: optional string group = 7;
from field: repeated cyclonedx.v1_6.Hash hashes = 12;
from field: repeated cyclonedx.v1_6.LicenseChoice licenses = 13;
Optional manufacturerThe organization that created the component. Manufacturer is common in components created through automated processes. Components created through manual means may have .authors instead.
from field: optional cyclonedx.v1_6.OrganizationalEntity manufacturer = 28;
Optional mimeThe optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented, such as an image, font, or executable. Some library or framework components may also have an associated mime-type.
from field: optional string mime_type = 2;
Optional modelA model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency.
from field: optional cyclonedx.v1_6.ModelCard modelCard = 25;
Optional modifiedDEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating is the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original.
from field: optional bool modified = 18;
The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery
from field: string name = 8;
Specifies the OmniBOR Artifact ID. The OmniBOR, if specified, MUST be valid and conform to the specification defined at: https://www.iana.org/assignments/uri-schemes/prov/gitoid
from field: repeated string omniborId = 31;
Optional pedigreeComponent pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc.
from field: optional cyclonedx.v1_6.Pedigree pedigree = 19;
Specifies optional, custom, properties
from field: repeated cyclonedx.v1_6.Property properties = 22;
Optional publisherThe person(s) or organization(s) that published the component
from field: optional string publisher = 6;
Optional purlSpecifies the package-url (PURL). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec
from field: optional string purl = 16;
Optional releaseSpecifies optional release notes.
from field: optional cyclonedx.v1_6.ReleaseNotes releaseNotes = 24;
Optional scopeSpecifies the scope of the component. If a scope is not specified, SCOPE_REQUIRED scope should be assumed by the consumer of the BOM
from field: optional cyclonedx.v1_6.Scope scope = 11;
Optional supplierThe organization that supplied the component. The supplier may often be the manufacturer but may also be a distributor or repackager.
from field: optional cyclonedx.v1_6.OrganizationalEntity supplier = 4;
Specifies the Software Heritage persistent identifier (SWHID). The SWHID, if specified, MUST be valid and conform to the specification defined at: https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html
from field: repeated string swhid = 32;
Optional swidSpecifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.
from field: optional cyclonedx.v1_6.Swid swid = 17;
Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Examples include "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection".
from field: repeated string tags = 30;
Specifies the type of component. For software components, classify as an application if no more specific appropriate classification is available or cannot be determined for the component.
from field: cyclonedx.v1_6.Classification type = 1;
The component version. The version should ideally comply with semantic versioning but is not enforced. Version was made optional in v1.4 of the spec. For backward compatibility, it is RECOMMENDED to use an empty string to represent components without version information.
from field: string version = 9;
Static Readonly fieldsStatic Readonly runtimeStatic Readonly typeParse from binary data, merging fields.
Repeated fields are appended. Map entries are added, overwriting existing keys.
If a message field is already present, it will be merged with the new data.
Optional options: Partial<BinaryReadOptions>Protected toJSONOverride for serialization behavior. This will be invoked when calling JSON.stringify on this message (i.e. JSON.stringify(msg)).
Note that this will not serialize google.protobuf.Any with a packed message because the protobuf JSON format specifies that it needs to be unpacked, and this is only possible with a type registry to look up the message type. As a result, attempting to serialize a message with this type will throw an Error.
This method is protected because you should not need to invoke it directly -- instead use JSON.stringify or toJsonString for stringified JSON. Alternatively, if actual JSON is desired, you should use toJson.
Static equalsStatic fromStatic fromStatic from
Generated
from message cyclonedx.v1_6.Component