Generated

from message cyclonedx.v1_6.Component

Properties

author?: string

DEPRECATED - DO NOT USE - This will be removed in a future version - Use .authors or .manufacturer instead. The person(s) or organization(s) that authored the component

Generated

from field: optional string author = 5 [deprecated = true];

Deprecated

authors: cdx_16.OrganizationalContact[] = []

The person(s) who created the component. Authors are common in components created through manual processes. Components created through automated means may have .manufacturer instead.

Generated

from field: repeated cyclonedx.v1_6.OrganizationalContact authors = 29;

bomRef?: string

An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.

Generated

from field: optional string bom_ref = 3;

components: cdx_16.Component[] = []

Specifies optional sub-components. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system -> subsystem -> parts assembly in physical supply chains.

Generated

from field: repeated cyclonedx.v1_6.Component components = 21;

copyright?: string

An optional copyright notice informing users of the underlying claims to copyright ownership in a published work.

Generated

from field: optional string copyright = 14;

cpe?: string

DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe

Generated

from field: optional string cpe = 15;

cryptoProperties?: CryptoProperties

Cryptographic assets have properties that uniquely define them and that make them actionable for further reasoning. As an example, it makes a difference whether one knows only the algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the algorithm primitive (authenticated encryption) are only defined by the definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference.

Generated

from field: optional cyclonedx.v1_6.CryptoProperties cryptoProperties = 27;

data?: cdx_16.ComponentData

This object SHOULD be specified for any component of type data and MUST NOT be specified for other component types.

Generated

from field: optional cyclonedx.v1_6.ComponentData data = 26;

description?: string

Specifies a description for the component

Generated

from field: optional string description = 10;

evidence?: cdx_16.Evidence

Specifies optional license and copyright evidence

Generated

from field: optional cyclonedx.v1_6.Evidence evidence = 23;

externalReferences: cdx_16.ExternalReference[] = []

Provides the ability to document external references related to the component or to the project the component describes.

Generated

from field: repeated cyclonedx.v1_6.ExternalReference external_references = 20;

group?: string

The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.

Generated

from field: optional string group = 7;

hashes: cdx_16.Hash[] = []

Generated

from field: repeated cyclonedx.v1_6.Hash hashes = 12;

licenses: cdx_16.LicenseChoice[] = []

Generated

from field: repeated cyclonedx.v1_6.LicenseChoice licenses = 13;

manufacturer?: cdx_16.OrganizationalEntity

The organization that created the component. Manufacturer is common in components created through automated processes. Components created through manual means may have .authors instead.

Generated

from field: optional cyclonedx.v1_6.OrganizationalEntity manufacturer = 28;

mimeType?: string

The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented, such as an image, font, or executable. Some library or framework components may also have an associated mime-type.

Generated

from field: optional string mime_type = 2;

modelCard?: cdx_16.ModelCard

A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency.

Generated

from field: optional cyclonedx.v1_6.ModelCard modelCard = 25;

modified?: boolean

DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating whether the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original.

Generated

from field: optional bool modified = 18;

name: string = ""

The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery

Generated

from field: string name = 8;

omniborId: string[] = []

Specifies the OmniBOR Artifact ID. The OmniBOR, if specified, MUST be valid and conform to the specification defined at: https://www.iana.org/assignments/uri-schemes/prov/gitoid

Generated

from field: repeated string omniborId = 31;

pedigree?: cdx_16.Pedigree

Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc.

Generated

from field: optional cyclonedx.v1_6.Pedigree pedigree = 19;

properties: cdx_16.Property[] = []

Specifies optional, custom, properties

Generated

from field: repeated cyclonedx.v1_6.Property properties = 22;

publisher?: string

The person(s) or organization(s) that published the component

Generated

from field: optional string publisher = 6;

purl?: string

Specifies the package-url (PURL). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec

Generated

from field: optional string purl = 16;

releaseNotes?: cdx_16.ReleaseNotes

Specifies optional release notes.

Generated

from field: optional cyclonedx.v1_6.ReleaseNotes releaseNotes = 24;

scope?: cdx_16.Scope

Specifies the scope of the component. If a scope is not specified, SCOPE_REQUIRED scope should be assumed by the consumer of the BOM

Generated

from field: optional cyclonedx.v1_6.Scope scope = 11;

supplier?: cdx_16.OrganizationalEntity

The organization that supplied the component. The supplier may often be the manufacturer but may also be a distributor or repackager.

Generated

from field: optional cyclonedx.v1_6.OrganizationalEntity supplier = 4;

swhid: string[] = []

Specifies the Software Heritage persistent identifier (SWHID). The SWHID, if specified, MUST be valid and conform to the specification defined at: https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html

Generated

from field: repeated string swhid = 32;

swid?: cdx_16.Swid

Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.

Generated

from field: optional cyclonedx.v1_6.Swid swid = 17;

tags: string[] = []

Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Examples include "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection".

Generated

from field: repeated string tags = 30;

type: cdx_16.Classification = Classification.NULL

Specifies the type of component. For software components, classify as an application if no more specific appropriate classification is available or cannot be determined for the component.

Generated

from field: cyclonedx.v1_6.Classification type = 1;

version: string = ""

The component version. The version should ideally comply with semantic versioning but is not enforced. Version was made optional in v1.4 of the spec. For backward compatibility, it is RECOMMENDED to use an empty string to represent components without version information.

Generated

from field: string version = 9;

fields: FieldList = ...
runtime: ProtoRuntime = proto3
typeName: "cyclonedx.v1_6.Component" = "cyclonedx.v1_6.Component"

Methods

  • Create a deep copy.

    Returns cdx_16.Component

  • Compare with a message of the same type.

    Parameters

    Returns boolean

  • Parse from binary data, merging fields.

    Repeated fields are appended. Map entries are added, overwriting existing keys.

    If a message field is already present, it will be merged with the new data.

    Parameters

    • bytes: Uint8Array
    • Optional options: Partial<BinaryReadOptions>

    Returns this

  • Parse a message from a JSON value.

    Parameters

    • jsonValue: JsonValue
    • Optional options: Partial<JsonReadOptions>

    Returns this

  • Parse a message from a JSON string.

    Parameters

    • jsonString: string
    • Optional options: Partial<JsonReadOptions>

    Returns this

  • Retrieve the MessageType of this message - a singleton that represents the protobuf message declaration and provides metadata for reflection-based operations.

    Returns MessageType<cdx_16.Component>

  • Serialize the message to binary data.

    Parameters

    • Optional options: Partial<BinaryWriteOptions>

    Returns Uint8Array

  • Override for serialization behavior. This will be invoked when calling JSON.stringify on this message (i.e. JSON.stringify(msg)).

    Note that this will not serialize google.protobuf.Any with a packed message because the protobuf JSON format specifies that it needs to be unpacked, and this is only possible with a type registry to look up the message type. As a result, attempting to serialize a message with this type will throw an Error.

    This method is protected because you should not need to invoke it directly -- instead use JSON.stringify or toJsonString for stringified JSON. Alternatively, if actual JSON is desired, you should use toJson.

    Returns JsonValue

  • Serialize the message to a JSON value, a JavaScript value that can be passed to JSON.stringify().

    Parameters

    • Optional options: Partial<JsonWriteOptions>

    Returns JsonValue

  • Serialize the message to a JSON string.

    Parameters

    • Optional options: Partial<JsonWriteStringOptions>

    Returns string
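
Several property descriptions above state constraints that can be checked mechanically before a BOM is published: author, cpe and modified are marked deprecated, bomRef values must be unique, and data must not be specified on components whose type is not data. The following is an added example, not part of the generated documentation or of the library: it works on plain objects shaped like the documented properties, and `ComponentLike`, `lintComponent`, the string type labels and the sample values are assumptions constructed for illustration. It checks bomRef uniqueness within one component tree only, not across the whole BOM.

```typescript
// Added example: plain-object stand-in for the documented properties,
// not the library's Component class. All names here are hypothetical.
interface ComponentLike {
  name: string;
  type?: string;            // stand-in label for cdx_16.Classification, e.g. "data"
  bomRef?: string;
  author?: string;          // documented as deprecated
  cpe?: string;             // documented as deprecated
  modified?: boolean;       // documented as deprecated
  data?: unknown;
  components?: ComponentLike[];
}
interface Finding { path: string; rule: string }

const DEPRECATED: Array<"author" | "cpe" | "modified"> = ["author", "cpe", "modified"];

function lintComponent(root: ComponentLike): Finding[] {
  const findings: Finding[] = [];
  const seen = new Set<string>(); // bomRef values already used in this tree
  const walk = (c: ComponentLike, path: string): void => {
    for (const f of DEPRECATED) {
      if (c[f] !== undefined) findings.push({ path, rule: `deprecated-field:${f}` });
    }
    if (c.bomRef !== undefined) {
      if (seen.has(c.bomRef)) findings.push({ path, rule: `duplicate-bomRef:${c.bomRef}` });
      seen.add(c.bomRef);
    }
    // An empty array counts as "not specified".
    const hasData = Array.isArray(c.data) ? c.data.length > 0 : c.data !== undefined;
    if (hasData && c.type !== "data") findings.push({ path, rule: "data-on-non-data-component" });
    (c.components ?? []).forEach((child, i) => walk(child, `${path}/components[${i}]`));
  };
  walk(root, root.name);
  return findings;
}

// Constructed sample tree (values are illustrative only).
const sample: ComponentLike = {
  name: "acme-app", type: "application", bomRef: "app",
  components: [
    { name: "commons-lang3", type: "library", bomRef: "lib-1", author: "Jane Doe" },
    { name: "training-set", type: "data", bomRef: "lib-1", data: [{}] },
    { name: "jquery", type: "library", bomRef: "lib-2", modified: false, data: [{}] },
  ],
};

console.log(lintComponent(sample));
```

Note that `modified: false` is still reported: the check is on the presence of a deprecated field, not on its value.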