File: get_bom_with_component_evidence-1.6.xml.bin

cyclonedx-python-lib 11.5.0-1
<?xml version="1.0" ?>
<!--
  CycloneDX 1.6 BOM (see the default namespace on <bom>) describing one root
  application and one library component that carries an <evidence> block.
  The declaration names no encoding, so an XML parser falls back to UTF-8.
  The document has no DOCTYPE, so a consumer can parse it with DTD and
  external-entity processing disabled.
  NOTE(review): the file name suggests a serializer snapshot fixture; confirm
  whether tests compare it byte for byte before keeping these comments.
-->
<bom xmlns="http://cyclonedx.org/schema/bom/1.6" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
  <metadata>
    <timestamp>2023-01-07T13:44:32.312678+00:00</timestamp>
    <!-- Tool that produced the BOM, declared as a component. Its bom-ref
         "cbom:generator" is the target of the <tool ref> entries under
         <evidence> further down. -->
    <tools>
      <components>
        <component type="application" bom-ref="cbom:generator">
          <name>product-cbom-generator</name>
        </component>
      </components>
    </tools>
    <!-- Root component the BOM describes; <dependencies> refers to it as "myApp". -->
    <component type="application" bom-ref="myApp">
      <name>root-component</name>
      <licenses>
        <license>
          <id>MIT</id>
        </license>
      </licenses>
    </component>
  </metadata>
  <components>
    <!-- The bom-ref reuses the purl string; the same string is the ref used in <dependencies>. -->
    <component type="library" bom-ref="pkg:pypi/setuptools@50.3.2?extension=tar.gz">
      <author>Test Author</author>
      <name>setuptools</name>
      <version>50.3.2</version>
      <licenses>
        <license>
          <id>MIT</id>
        </license>
      </licenses>
      <purl>pkg:pypi/setuptools@50.3.2?extension=tar.gz</purl>
      <!-- Evidence: how the component's identity, locations and licensing were determined. -->
      <evidence>
        <!-- First identity claim, for the "hash" field. "example-hash" is a
             placeholder string, not a digest, and the confidence is 0.1 on the
             0 to 1 scale, so a consumer should not read this entry as a
             verified identity. -->
        <identity>
          <field>hash</field>
          <confidence>0.1</confidence>
          <concludedValue>example-hash</concludedValue>
          <!-- Each <method> carries its own confidence, separate from the
               identity-level <confidence> above. -->
          <methods>
            <method>
              <technique>attestation</technique>
              <confidence>0.1</confidence>
              <value>analysis-tool</value>
            </method>
          </methods>
          <tools>
            <!-- Resolves to the bom-ref declared under metadata/tools. -->
            <tool ref="cbom:generator"/>
          </tools>
        </identity>
        <!-- Second identity claim, for the "name" field: overall confidence 0.9,
             with a single source-code-analysis method at 0.8. -->
        <identity>
          <field>name</field>
          <confidence>0.9</confidence>
          <concludedValue>example-component</concludedValue>
          <methods>
            <method>
              <technique>source-code-analysis</technique>
              <confidence>0.8</confidence>
              <value>analysis-tool</value>
            </method>
          </methods>
          <tools>
            <tool ref="cbom:generator"/>
          </tools>
        </identity>
        <!-- Where the component was observed. The path here is a placeholder;
             in a real BOM, occurrence and call-stack paths can disclose internal
             source layout, which is worth reviewing before a BOM is shared. -->
        <occurrences>
          <occurrence>
            <location>path/to/file</location>
            <line>42</line>
            <offset>16</offset>
            <symbol>exampleSymbol</symbol>
            <additionalContext>Found in source code</additionalContext>
          </occurrence>
        </occurrences>
        <!-- Call stack with a single frame; all values are placeholders. -->
        <callstack>
          <frames>
            <frame>
              <package>example.package</package>
              <module>example.module</module>
              <function>example_function</function>
              <parameters>
                <parameter>param1</parameter>
                <parameter>param2</parameter>
              </parameters>
              <line>10</line>
              <column>5</column>
              <fullFilename>path/to/file</fullFilename>
            </frame>
          </frames>
        </callstack>
        <!-- License and copyright recorded as evidence, separately from the
             component-level <licenses> element above. -->
        <licenses>
          <license>
            <id>MIT</id>
          </license>
        </licenses>
        <copyright>
          <text>Commercial</text>
          <text>Commercial 2</text>
        </copyright>
      </evidence>
    </component>
  </components>
  <!-- Dependency graph keyed by bom-ref: myApp depends on the setuptools
       component, which is listed with no dependencies of its own. -->
  <dependencies>
    <dependency ref="myApp">
      <dependency ref="pkg:pypi/setuptools@50.3.2?extension=tar.gz"/>
    </dependency>
    <dependency ref="pkg:pypi/setuptools@50.3.2?extension=tar.gz"/>
  </dependencies>
  <!-- Two BOM-level name/value properties. -->
  <properties>
    <property name="key1">val1</property>
    <property name="key2">val2</property>
  </properties>
</bom>