# PEP 517 build configuration. Only `poetry-core` (the build backend) is required
# at build time, not the full `poetry` CLI, so `pip install .` / `pip wheel .`
# work without Poetry installed.
# NOTE(review): only a lower bound is given, so every source build resolves whatever
# poetry-core release is current at that moment; consider capping the major version
# if reproducible builds of the sdist matter.
[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"
# Package metadata. This project uses the Poetry-specific [tool.poetry] table
# rather than the PEP 621 [project] table.
[tool.poetry]
name = "cyclonedx-python-lib"
# !! version is managed by semantic_release
# (see `version_toml` under [tool.semantic_release] further down) - do not bump by hand.
version = "11.5.0"
description = "Python library for CycloneDX"
authors = [
"Paul Horton <phorton@sonatype.com>",
"Jan Kowalleck <jan.kowalleck@gmail.com>",
]
maintainers = [
"Jan Kowalleck <jan.kowalleck@gmail.com>",
]
license = "Apache-2.0"
readme = "README.md"
homepage = "https://github.com/CycloneDX/cyclonedx-python-lib/#readme"
repository = "https://github.com/CycloneDX/cyclonedx-python-lib"
documentation = "https://cyclonedx-python-library.readthedocs.io/"
# Only the `cyclonedx` package itself is shipped in the built distributions.
packages = [
{ include = "cyclonedx" }
]
# Extra files shipped in the sdist only (not in the wheel): docs, examples and the
# test suite, so a downstream rebuild from the sdist has everything it needs.
include = [
# every entry is an inline table (not a bare string) -> prevents a parse issue with dependabot
{ path="README.md", format =["sdist"] },
{ path="CHANGELOG.md", format=["sdist"] },
{ path="docs", format=["sdist"] },
{ path="examples", format=["sdist"] },
{ path="tests", format=["sdist"] },
]
# Keep dotfiles/dotfolders (CI config, local tooling state, `.env`-style files)
# and generated documentation out of every built distribution.
exclude = [
# exclude dotfiles and dotfolders
"**/.*",
"docs/_build", "docs/processes",
]
classifiers = [
# Trove classifiers - https://packaging.python.org/specifications/core-metadata/#metadata-classifier
# Full list: https://pypi.python.org/pypi?%3Aaction=list_classifiers
'Development Status :: 5 - Production/Stable',
'Intended Audience :: Developers',
'Intended Audience :: Information Technology',
'Intended Audience :: Legal Industry',
'Intended Audience :: System Administrators',
'Topic :: Security',
'Topic :: Software Development',
'Topic :: System :: Software Distribution',
'License :: OSI Approved :: Apache Software License',
# Supported interpreters; keep in sync with the `python` constraint in
# [tool.poetry.dependencies].
'Programming Language :: Python :: 3.9',
'Programming Language :: Python :: 3.10',
'Programming Language :: Python :: 3.11',
'Programming Language :: Python :: 3.12',
'Programming Language :: Python :: 3.13',
'Programming Language :: Python :: 3.14',
# The package ships inline type hints (PEP 561).
'Typing :: Typed',
]
# Search terms for the package index.
keywords = [
"CycloneDX", "library",
"OWASP", "SCA",
"Software Bill of Materials", "Bill of Materials",
"BOM", "SBOM", "VEX", "VDR", "OBOM", "MBOM", "SaaSBOM",
"SPDX", "PackageURL", "PURL",
]
# Additional project links shown on the package index page.
[tool.poetry.urls]
"Changelog" = "https://github.com/CycloneDX/cyclonedx-python-lib/releases"
"Bug Tracker" = "https://github.com/CycloneDX/cyclonedx-python-lib/issues"
"Funding" = "https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX"
# Runtime dependencies. Entries marked `optional=true` are not installed by
# default; they are pulled in through the extras declared in [tool.poetry.extras].
[tool.poetry.dependencies]
python = "^3.9"
packageurl-python = ">=0.11, <2"
py-serializable = "^2.1.0"
sortedcontainers = "^2.4.0"
license-expression = "^30"
# JSON-schema validation of BOMs. The `format-nongpl` extra selects format checkers
# without GPL-licensed transitive dependencies, so library consumers are not exposed
# to them (the dev group below deliberately uses the GPL variant for speed).
jsonschema = { version = "^4.25", extras=['format-nongpl'], optional=true }
referencing = { version = ">=0.28.4", optional=true } # in sync with the transitive dependency of `jsonschema`
# XML-schema validation of BOMs.
# NOTE(review): lxml will be parsing XML that may come from untrusted sources;
# whether external-entity resolution is disabled is decided in the validator code,
# not here - confirm that code path when reviewing XML validation.
lxml = { version=">=4,<7", optional=true }
# Only needed below 3.13 (newer interpreters ship `warnings.deprecated` in the stdlib).
typing_extensions = { version="^4.6", python = "<3.13"} # for `@deprecated` - which was added in v4.5, but that release appears to be broken, hence the ^4.6 floor
# Install-time extras that switch on the optional dependencies above, e.g.
# `pip install cyclonedx-python-lib[validation]`. `validation` is the union of
# the JSON and XML variants.
[tool.poetry.extras]
validation = ["jsonschema", "referencing", "lxml"]
json-validation = ["jsonschema", "referencing"]
xml-validation = ["lxml"]
# Development-only tooling (test helpers, linters, type checker, task runner).
# Everything here is pinned to an exact version so CI runs are reproducible;
# the single unpinned entry is flagged at the bottom.
[tool.poetry.group.dev.dependencies]
ddt = "1.7.2"
coverage = "7.10.7"
flake8 = "7.3.0"
flake8-annotations = "3.1.1"
flake8-bugbear = "24.12.12"
flake8-copyright-validator = "0.0.1"
flake8-isort = "6.1.2"
flake8-quotes = "3.4.0"
flake8-use-fstring = "1.4"
pep8-naming = "0.15.1"
isort = "6.1.0"
autopep8 = "2.3.2"
mypy = "1.18.2"
# Backport of `tomllib`, which is in the stdlib from 3.11 onwards.
tomli = { version = "2.3.0", python = "<3.11" }
tox = "4.30.3"
xmldiff = "2.7.0"
# Static security linter run against the library's own sources.
bandit = "1.8.6"
pyupgrade = "3.21.0"
# Dependency hygiene check (unused / missing / transitive deps); scope is set in [tool.deptry].
deptry = "0.23.1"
# for tests, use the GPL-version of jsonschema format validators - they are faster
# NOTE(review): this is the only unpinned (`*`) entry in the group. Poetry is expected
# to intersect it with the runtime constraint `^4.25` above, but an exact pin like the
# rest of this table would keep the test environment reproducible - confirm and pin.
# NOTE(review): `optional=true` on a non-main group dependency - confirm the Poetry
# version in use honours it here rather than silently ignoring it.
jsonschema = { version = "*", extras = ["format"], optional=true }
# Release automation (python-semantic-release): derives the next version from
# conventional commits, rewrites the version strings listed below, builds the
# distributions and publishes them.
[tool.semantic_release]
# see https://python-semantic-release.readthedocs.io/en/latest/configuration.html
logging_use_named_masks = true
commit_parser = "conventional"
# Squash-merged PRs are parsed commit-by-commit; plain merge commits are ignored.
commit_parser_options = { parse_squash_commits = true, ignore_merge_commits = true }
# Identity of the automated release commit; the message carries a DCO sign-off
# under that same bot identity.
commit_author = "semantic-release <semantic-release@bot.local>"
commit_message = "chore(release): {version}\n\nAutomatically generated by python-semantic-release\n\nSigned-off-by: semantic-release <semantic-release@bot.local>"
# NOTE(review): the same key is also set under [tool.semantic_release.publish] below;
# confirm which location the configured tool version reads and drop the other one.
upload_to_vcs_release = true
# NOTE(review): supply chain - this installs whatever `poetry` release is current on
# the index at release time, so the artifacts that get published are produced by an
# unpinned build tool. Pin it (`pip install poetry==<version>`, ideally with
# `--require-hashes`) so release builds are reproducible and not silently affected by
# a broken or compromised upstream release.
build_command = """
pip install poetry
poetry build
"""
# Every location of the version string; all three are rewritten together on release
# (this file, the package's `__version__`, and the Sphinx `release`).
version_toml = ["pyproject.toml:tool.poetry.version"]
version_variables = [
"cyclonedx/__init__.py:__version__",
"docs/conf.py:release",
]
# What gets attached to the VCS (GitHub) release: everything `poetry build` put in `dist/`.
[tool.semantic_release.publish]
dist_glob_patterns = ["dist/*"]
upload_to_vcs_release = true
# Changelog generation. Commits whose subject matches one of these regexes are
# left out of CHANGELOG.md. Literal (single-quoted) strings are used so the
# regex backslashes need no escaping.
[tool.semantic_release.changelog]
default_templates = { changelog_file = "CHANGELOG.md" }
exclude_commit_patterns = [
# Housekeeping commit types, with or without a `(scope)`.
'''chore(?:\([^)]*?\))?: .+''',
'''ci(?:\([^)]*?\))?: .+''',
'''refactor(?:\([^)]*?\))?: .+''',
'''style(?:\([^)]*?\))?: .+''',
'''tests?(?:\([^)]*?\))?: .+''',
# Scoped `build(<scope>): ...` commits are dropped except for scope `deps`, so
# dependency bumps stay visible in the changelog. Unscoped `build: ...` commits
# do not match this pattern at all and are therefore kept as well.
'''build\((?!deps\): .+)''',
]
# Stable releases are cut from `main`/`master`. `match` is a regex on the branch name.
# NOTE(review): the pattern is not anchored; if the tool matches by prefix or
# substring, a branch such as `maintenance` would also be treated as a stable
# release branch - confirm, and anchor it (`^(main|master)$`) if so.
[tool.semantic_release.branches.main]
match = "(main|master)"
prerelease = false
# Work branches named after a conventional-commit type produce `alpha` prereleases.
# NOTE(review): as with the `main` pattern this is not anchored - `feat` would also
# match `feature/...` under a prefix match; confirm the matching semantics.
[tool.semantic_release.branches."step"]
match = "(build|chore|ci|docs|feat|fix|perf|style|refactor|tests?)"
prerelease = true
prerelease_token = "alpha"
# Branches preparing the next major version (`N.0.0-dev`, `N.0.0-rc`, `dev/N.0.0`)
# produce `rc` prereleases. This is a basic (double-quoted) string, so every regex
# backslash is doubled; a literal single-quoted string would read more plainly.
[tool.semantic_release.branches."major-dev"]
match = "(\\d+\\.0\\.0-(dev|rc)|dev/\\d+\\.0\\.0)"
prerelease = true
prerelease_token = "rc"
# Directories deptry skips when checking for unused/missing dependencies: they are
# not part of the shipped package, so their imports must not influence the result.
[tool.deptry]
extend_exclude = ["docs", "examples", "package_aliases", "tools"]