SBOM-CycloneDX
view release on metacpan or search on metacpan
Change history for SBOM::CycloneDX
1.07 2026-01-21
- Improved support for CycloneDX 1.7 (https://cyclonedx.org/docs/1.7/json/)
- Improved documentations
- Improved ENUM classes
- Added "patent" and "patentFamily" support (CycloneDX 1.7)
- Added initial support for testing multiple CycloneDX specifications from a single test file
- Added new tests
- Remove '$schema' in CycloneDX < 1.5
1.06 2026-01-15
- Added initial support for CycloneDX 1.7 (https://cyclonedx.org/docs/1.7/json/)
- Added "citation" support
- Improved "certificateProperties" support
- Added ENUM classes
- Added EXPERIMENTAL "SBOM::CycloneDX::Lite"
- Added examples ("x509-to-cbom.pl" and "rpm-to-sbom.pl")
- Improved documentations
1.05 2025-09-30
- Updating SPDX license list to 3.27.0
- FIX "Initialization of state variables in list context currently forbidden" in Perl < 5.28
1.04 2025-09-07
- Fix name in Makefile.PL (giterlizzi/perl-SBOM-CycloneDX#2)
- Fix mapping of "perl_5" license with SPDX expression
"Artistic-1.0-Perl OR GPL-1.0-or-later" (giterlizzi/perl-SBOM-CycloneDX#3)
- Improved "SBOM::CycloneDX::License" behavior
- Improved mapping of CPAN::Meta licenses to SPDX
- Added support for SPDX "NOASSERTION" and "NONE" licenses:
https://spdx.github.io/spdx-spec/v3.0.1/model/ExpandedLicensing/Individuals/NoAssertionLicense/
https://spdx.github.io/spdx-spec/v3.0.1/model/ExpandedLicensing/Individuals/NoneLicense/
1.03 2025-03-31
- Improved documentation
- Improved SPDX licenses loader
1.02 2025-03-14
- Added "SBOM::CycloneDX::Base" class
- Added "SBOM::CycloneDX::BomRef" class
- Load SPDX licenses from "spdx.schema.json"
- Updated documentations
1.01 2025-03-10
- Added most of CycloneDX 1.6 properties and components
- Added test data from CycloneDX Specification (https://github.com/CycloneDX/specification)
1.00 2025-02-27
- First release of SBOM::CycloneDX
# SBOM::CycloneDX - Perl extension for CycloneDX
The INSTALL is used to introduce the module and provide instructions on
how to install the module, any machine dependencies it may have (for
example C compilers and installed libraries) and any other information
that should be provided before the module is installed.
## INSTALLATION
Using Makefile.PL:
To install this module, run the following commands.
perl Makefile.PL
make
make test
make install
Using App::cpanminus:
cpanm SBOM::CycloneDX
## SUPPORT AND DOCUMENTATION
After installing, you can find documentation for this module with the
perldoc command.
perldoc SBOM::CycloneDX
You can also look for information at:
* GitHub issues (report bugs here) https://github.com/giterlizzi/perl-SBOM::CycloneDX/issues
## LICENSE AND COPYRIGHT
Copyright (C) 2025 Giuseppe Di Terlizzi
This program is free software; you can redistribute it and/or modify it
under the terms of the the Artistic License (2.0). You may obtain a
copy of the full license at:
Changes
examples/rpm-to-sbom.pl
examples/x509-to-cbom.pl
INSTALL.md
lib/SBOM/CycloneDX.pm
lib/SBOM/CycloneDX/Advisory.pm
lib/SBOM/CycloneDX/Annotation.pm
lib/SBOM/CycloneDX/Annotation/Annotator.pm
lib/SBOM/CycloneDX/Attachment.pm
lib/SBOM/CycloneDX/Base.pm
lib/SBOM/CycloneDX/BomRef.pm
lib/SBOM/CycloneDX/Citation.pm
lib/SBOM/CycloneDX/Component.pm
lib/SBOM/CycloneDX/Component/Commit.pm
lib/SBOM/CycloneDX/Component/ConfidenceInterval.pm
lib/SBOM/CycloneDX/Component/Diff.pm
lib/SBOM/CycloneDX/Component/Graphic.pm
lib/SBOM/CycloneDX/Component/GraphicsCollection.pm
lib/SBOM/CycloneDX/Component/ModelCard.pm
lib/SBOM/CycloneDX/Component/Patch.pm
lib/SBOM/CycloneDX/Component/Pedigree.pm
lib/SBOM/CycloneDX/Component/PerformanceMetric.pm
lib/SBOM/CycloneDX/Component/QuantitativeAnalysis.pm
lib/SBOM/CycloneDX/Component/SWID.pm
lib/SBOM/CycloneDX/CryptoProperties.pm
lib/SBOM/CycloneDX/CryptoProperties/AlgorithmProperties.pm
lib/SBOM/CycloneDX/CryptoProperties/CertificateExtension.pm
lib/SBOM/CycloneDX/CryptoProperties/CertificateProperties.pm
lib/SBOM/CycloneDX/CryptoProperties/CipherSuite.pm
lib/SBOM/CycloneDX/CryptoProperties/Ikev2TransformType.pm
lib/SBOM/CycloneDX/CryptoProperties/ProtocolProperties.pm
lib/SBOM/CycloneDX/CryptoProperties/RelatedCryptographicAsset.pm
lib/SBOM/CycloneDX/CryptoProperties/RelatedCryptoMaterialProperties.pm
lib/SBOM/CycloneDX/CryptoProperties/SecuredBy.pm
lib/SBOM/CycloneDX/DataGovernance.pm
lib/SBOM/CycloneDX/DataGovernanceResponsibleParty.pm
lib/SBOM/CycloneDX/Declarations.pm
lib/SBOM/CycloneDX/Declarations/Affirmation.pm
lib/SBOM/CycloneDX/Declarations/Assessor.pm
lib/SBOM/CycloneDX/Declarations/Attestation.pm
lib/SBOM/CycloneDX/Declarations/Claim.pm
lib/SBOM/CycloneDX/Declarations/Confidence.pm
lib/SBOM/CycloneDX/Declarations/Conformance.pm
lib/SBOM/CycloneDX/Declarations/Contents.pm
lib/SBOM/CycloneDX/Declarations/Data.pm
lib/SBOM/CycloneDX/Declarations/Evidence.pm
lib/SBOM/CycloneDX/Declarations/Map.pm
lib/SBOM/CycloneDX/Declarations/Signatory.pm
lib/SBOM/CycloneDX/Declarations/Targets.pm
lib/SBOM/CycloneDX/Definitions.pm
lib/SBOM/CycloneDX/Dependency.pm
lib/SBOM/CycloneDX/Enum.pm
lib/SBOM/CycloneDX/Enum/CommonExtensionName.pm
lib/SBOM/CycloneDX/Enum/ComponentType.pm
lib/SBOM/CycloneDX/Enum/CryptoAssetType.pm
lib/SBOM/CycloneDX/Enum/CryptoCertificationLevel.pm
lib/SBOM/CycloneDX/Enum/CryptoFunction.pm
lib/SBOM/CycloneDX/Enum/CryptoImplementationPlatform.pm
lib/SBOM/CycloneDX/Enum/CryptoMode.pm
lib/SBOM/CycloneDX/Enum/CryptoPadding.pm
lib/SBOM/CycloneDX/Enum/CryptoPrimitive.pm
lib/SBOM/CycloneDX/Enum/ExternalReferenceType.pm
lib/SBOM/CycloneDX/Enum/HashAlgorithm.pm
lib/SBOM/CycloneDX/Enum/ImpactAnalysisJustification.pm
lib/SBOM/CycloneDX/Enum/ImpactAnalysisState.pm
lib/SBOM/CycloneDX/Enum/LicenseType.pm
lib/SBOM/CycloneDX/Enum/LifecyclePhase.pm
lib/SBOM/CycloneDX/Enum/PatentAssertionType.pm
lib/SBOM/CycloneDX/Enum/PatentLegalStatus.pm
lib/SBOM/CycloneDX/Enum/ProtocolType.pm
lib/SBOM/CycloneDX/Enum/RelatedCryptoMaterialState.pm
lib/SBOM/CycloneDX/Enum/RelatedCryptoMaterialType.pm
lib/SBOM/CycloneDX/Enum/TlpClassification.pm
lib/SBOM/CycloneDX/ExternalReference.pm
lib/SBOM/CycloneDX/Formulation.pm
lib/SBOM/CycloneDX/Hash.pm
lib/SBOM/CycloneDX/IdentifiableAction.pm
lib/SBOM/CycloneDX/Issue.pm
lib/SBOM/CycloneDX/Issue/Source.pm
lib/SBOM/CycloneDX/License.pm
lib/SBOM/CycloneDX/License/ExpressionDetail.pm
lib/SBOM/CycloneDX/License/Licensee.pm
lib/SBOM/CycloneDX/License/Licensing.pm
lib/SBOM/CycloneDX/License/Licensor.pm
lib/SBOM/CycloneDX/License/Purchaser.pm
lib/SBOM/CycloneDX/List.pm
lib/SBOM/CycloneDX/Lite.pm
lib/SBOM/CycloneDX/Metadata.pm
lib/SBOM/CycloneDX/Metadata/DistributionConstraint.pm
lib/SBOM/CycloneDX/Metadata/Lifecycle.pm
lib/SBOM/CycloneDX/Note.pm
lib/SBOM/CycloneDX/OrganizationalContact.pm
lib/SBOM/CycloneDX/OrganizationalEntity.pm
lib/SBOM/CycloneDX/Patent.pm
lib/SBOM/CycloneDX/Patent/PriorityApplication.pm
lib/SBOM/CycloneDX/PatentAssertion.pm
lib/SBOM/CycloneDX/PatentFamily.pm
lib/SBOM/CycloneDX/PostalAddress.pm
lib/SBOM/CycloneDX/Property.pm
lib/SBOM/CycloneDX/ReleaseNotes.pm
lib/SBOM/CycloneDX/Schema.pm
lib/SBOM/CycloneDX/schema/bom-1.2-strict.schema.json
lib/SBOM/CycloneDX/schema/bom-1.2.schema.json
lib/SBOM/CycloneDX/schema/bom-1.3-strict.schema.json
lib/SBOM/CycloneDX/schema/bom-1.3.schema.json
lib/SBOM/CycloneDX/schema/bom-1.4.schema.json
lib/SBOM/CycloneDX/schema/bom-1.5.schema.json
lib/SBOM/CycloneDX/schema/bom-1.6.schema.json
lib/SBOM/CycloneDX/schema/bom-1.7.schema.json
lib/SBOM/CycloneDX/schema/cryptography-defs.json
lib/SBOM/CycloneDX/schema/cryptography-defs.schema.json
lib/SBOM/CycloneDX/schema/jsf-0.82.schema.json
lib/SBOM/CycloneDX/schema/spdx.schema.json
lib/SBOM/CycloneDX/Service.pm
lib/SBOM/CycloneDX/Standard.pm
lib/SBOM/CycloneDX/Standard/Level.pm
lib/SBOM/CycloneDX/Standard/Requirement.pm
lib/SBOM/CycloneDX/Timestamp.pm
lib/SBOM/CycloneDX/Tool.pm
lib/SBOM/CycloneDX/Tools.pm
lib/SBOM/CycloneDX/Util.pm
lib/SBOM/CycloneDX/Version.pm
lib/SBOM/CycloneDX/Vulnerability.pm
lib/SBOM/CycloneDX/Vulnerability/Affect.pm
lib/SBOM/CycloneDX/Vulnerability/Analysis.pm
lib/SBOM/CycloneDX/Vulnerability/Credits.pm
lib/SBOM/CycloneDX/Vulnerability/ProofOfConcept.pm
lib/SBOM/CycloneDX/Vulnerability/Rating.pm
lib/SBOM/CycloneDX/Vulnerability/Reference.pm
lib/SBOM/CycloneDX/Vulnerability/Source.pm
LICENSE
Makefile.PL
MANIFEST This list of files
README.md
t/00-load.t
t/10-enum.t
t/50-invalid-empty-component.t
t/50-invalid-license-id.t
t/50-invalid-license-missing-id-and-name.t
t/50-invalid-metadata-license.t
],
"dynamic_config" : 1,
"generated_by" : "ExtUtils::MakeMaker version 7.76, CPAN::Meta::Converter version 2.150010",
"license" : [
"artistic_2"
],
"meta-spec" : {
"url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
"version" : 2
},
"name" : "SBOM-CycloneDX",
"no_index" : {
"directory" : [
"t",
"inc"
]
},
"prereqs" : {
"build" : {
"requires" : {
"ExtUtils::MakeMaker" : "0"
},
"test" : {
"requires" : {
"Test::More" : "0"
}
}
},
"release_status" : "stable",
"resources" : {
"bugtracker" : {
"web" : "https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues"
},
"repository" : {
"type" : "git",
"url" : "git://github.com/giterlizzi/perl-SBOM-CycloneDX",
"web" : "https://github.com/giterlizzi/perl-SBOM-CycloneDX"
}
},
"version" : 1.07,
"x_purl" : "pkg:cpan/GDT/SBOM-CycloneDX",
"x_serialization_backend" : "JSON::PP version 4.16"
}
ExtUtils::MakeMaker: '0'
Test::More: '0'
configure_requires:
ExtUtils::MakeMaker: '0'
dynamic_config: 1
generated_by: 'ExtUtils::MakeMaker version 7.76, CPAN::Meta::Converter version 2.150010'
license: artistic_2
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html
version: '1.4'
name: SBOM-CycloneDX
no_index:
directory:
- t
- inc
requires:
Cpanel::JSON::XS: '0'
JSON::Validator: '0'
List::Util: '0'
Moo: '0'
Type::Tiny: '0'
URI::PackageURL: '2.22'
UUID::Tiny: '0'
namespace::autoclean: '0'
perl: '5.016'
resources:
bugtracker: https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues
repository: git://github.com/giterlizzi/perl-SBOM-CycloneDX
version: 1.07
x_purl: pkg:cpan/GDT/SBOM-CycloneDX
x_serialization_backend: 'CPAN::Meta::YAML version 0.020'
Makefile.PL view on Meta::CPAN
#!perl
use strict;
use warnings;
use ExtUtils::MakeMaker;
WriteMakefile(
NAME => 'SBOM::CycloneDX',
AUTHOR => q{Giuseppe Di Terlizzi <gdt@cpan.org>},
VERSION_FROM => 'lib/SBOM/CycloneDX.pm',
LICENSE => 'artistic_2',
MIN_PERL_VERSION => 5.016,
PL_FILES => {},
CONFIGURE_REQUIRES => {'ExtUtils::MakeMaker' => '0'},
TEST_REQUIRES => {'Test::More' => '0'},
PREREQ_PM => {
'Cpanel::JSON::XS' => '0',
'JSON::Validator' => '0',
'List::Util' => '0',
'Moo' => '0',
'namespace::autoclean' => '0',
'Type::Tiny' => '0',
'URI::PackageURL' => '2.22',
'UUID::Tiny' => '0',
},
META_MERGE => {
'meta-spec' => {version => 2},
'resources' => {
bugtracker => {web => 'https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues'},
repository => {
type => 'git',
url => 'git://github.com/giterlizzi/perl-SBOM-CycloneDX',
web => 'https://github.com/giterlizzi/perl-SBOM-CycloneDX'
},
},
x_purl => 'pkg:cpan/GDT/SBOM-CycloneDX'
},
dist => {COMPRESS => 'gzip -9f', SUFFIX => 'gz'},
clean => {FILES => 'SBOM-CycloneDX-*'},
);
[](https://github.com/giterlizzi/perl-SBOM-CycloneDX/releases) [](https:...
# SBOM::CycloneDX - Perl extension for CycloneDX
## Synopsis
```.pl
my $bom = SBOM::CycloneDX->new;
my $root_component = SBOM::CycloneDX::Component->new(
type => 'application',
name => 'MyApp',
licenses => [SBOM::CycloneDX::License->new('Artistic-2.0')],
bom_ref => 'MyApp'
);
my $metadata = $bom->metadata;
$metadata->tools->add(cyclonedx_tool);
$metadata->component($root_component);
my $component1 = SBOM::CycloneDX::Component->new(
type => 'library',
name => 'some-component',
group => 'acme',
version => '1.33.7-beta.1',
licenses => [SBOM::CycloneDX::License->new(name => '(c) 2021 Acme inc.')],
bom_ref => 'myComponent@1.33.7-beta.1',
purl => URI::PackageURL->new(
type => 'generic',
namespace => 'acme',
name => 'some-component',
version => '1.33.7-beta.1'
),
);
$bom->components->add($component1);
$bom->add_dependency($root_component, [$component1]);
my $component2 = SBOM::CycloneDX::Component->new(
type => 'library',
name => 'some-library',
licenses => [SBOM::CycloneDX::License->new(expression => 'GPL-3.0-only WITH Classpath-exception-2.0')],
bom_ref => 'some-lib',
);
$bom->components->add($component2);
$bom->add_dependency($root_component, [$component2]);
my @errors = $bom->validate;
if (@errors) {
say $_ for (@errors);
Carp::croak 'Validation error';
}
say $bom->to_string;
```
## Install
Using Makefile.PL:
To install `SBOM-CycloneDX` distribution, run the following commands.
perl Makefile.PL
make
make test
make install
Using `App::cpanminus`:
cpanm SBOM::CycloneDX
## Documentation
- `perldoc SBOM::CycloneDX`
- https://metacpan.org/release/SBOM-CycloneDX
- https://cyclonedx.org/
## Copyright
- Copyright 2025-2026 © Giuseppe Di Terlizzi
examples/rpm-to-sbom.pl view on Meta::CPAN
#!perl
# rpm-to-bom.pl - Generate a BOM file from installed RPM packages
# (C) 2026, Giuseppe Di Terlizzi <giuseppe.diterlizzi@gmail.com>
# License MIT
use strict;
use warnings;
use utf8;
use v5.16;
use SBOM::CycloneDX;
use SBOM::CycloneDX::Component;
use SBOM::CycloneDX::Metadata::Lifecycle;
use SBOM::CycloneDX::Tool;
use SBOM::CycloneDX::Util qw(cyclonedx_tool);
use Carp;
use URI::PackageURL;
my $packages = `rpm -qa --qf '%{NAME}\t%{VERSION}-%{RELEASE}\t%{ARCH}\t%{SUMMARY}\n'`;
my @packages = split /\n/, $packages;
my %os_release = parse_os_release();
my $bom = SBOM::CycloneDX->new(spec_version => 1.7);
my $os_component = SBOM::CycloneDX::Component->new(
type => 'operating-system',
name => $os_release{NAME},
version => $os_release{VERSION},
bom_ref => sprintf('%s-%s', $os_release{ID}, $os_release{VERSION_ID}),
cpe => $os_release{CPE_NAME},
);
my $root_component = SBOM::CycloneDX::Component->new(
type => 'operating-system',
name => $os_release{NAME},
version => $os_release{VERSION},
lifecycle => {phase => 'operation'},
);
my $this_tool = SBOM::CycloneDX::Tool->new(name => $0, version => '1.0');
my $lifecycle = SBOM::CycloneDX::Metadata::Lifecycle->new(phase => 'operations');
my $metadata = $bom->metadata;
$metadata->lifecycles->add($lifecycle);
$metadata->component($root_component);
$metadata->tools->add(cyclonedx_tool);
$metadata->tools->add($this_tool);
$bom->components->add($os_component);
examples/rpm-to-sbom.pl view on Meta::CPAN
my ($name, $version, $arch, $summary) = split /\t/, $package;
my $purl = URI::PackageURL->new(
type => 'rpm',
namespace => $os_release{ID},
name => $name,
version => $version,
qualifiers => {arch => $arch, distro => sprintf('%s-%s', $os_release{ID}, $os_release{VERSION_ID})}
);
my $pkg_component = SBOM::CycloneDX::Component->new(
type => 'application',
name => $name,
description => $summary,
version => $version,
bom_ref => "$name-$version",
purl => $purl
);
$bom->components->add($pkg_component);
$bom->add_dependency($os_component, [$pkg_component]);
examples/x509-to-cbom.pl view on Meta::CPAN
#!perl
# x509-to-cbom.pl - Convert the provided certificate in CBOM format
# (C) 2026, Giuseppe Di Terlizzi <giuseppe.diterlizzi@gmail.com>
# License MIT
use strict;
use warnings;
use utf8;
use v5.16;
use SBOM::CycloneDX;
use SBOM::CycloneDX::Component;
use SBOM::CycloneDX::CryptoProperties::CertificateExtension;
use SBOM::CycloneDX::CryptoProperties::CertificateProperties;
use SBOM::CycloneDX::CryptoProperties::RelatedCryptographicAsset;
use SBOM::CycloneDX::CryptoProperties;
use SBOM::CycloneDX::Enum;
use SBOM::CycloneDX::Tool;
use SBOM::CycloneDX::Util qw(cyclonedx_tool);
use Carp;
use Crypt::OpenSSL::X509;
use File::Basename;
use Time::Piece;
my $path = shift;
unless (defined $path) {
examples/x509-to-cbom.pl view on Meta::CPAN
unless (-e $path) {
say "Certificate file not found\n";
exit 2;
}
my ($filename, $dirs, $suffix) = fileparse($path, qw[.crt .cer .pem]);
$suffix =~ s/^\.//;
my $bom = SBOM::CycloneDX->new(spec_version => 1.7);
my $x509 = eval { Crypt::OpenSSL::X509->new_from_file($path) };
if ($@) {
say "[ERROR] $@\n";
exit 3;
}
my $root_component = SBOM::CycloneDX::Component->new(type => 'application', name => 'my application', version => '1.0');
my $this_tool = SBOM::CycloneDX::Tool->new(name => $0, version => '1.0');
my $metadata = $bom->metadata;
$metadata->component($root_component);
$metadata->tools->add(cyclonedx_tool);
$metadata->tools->add($this_tool);
my $fingerprint = $x509->fingerprint_sha256;
$fingerprint =~ s/://g;
my $public_key_component = SBOM::CycloneDX::Component->new(
type => 'cryptographic-asset',
name => 'Certificate-Public-Key',
bom_ref => 'publicKey',
crypto_properties => SBOM::CycloneDX::CryptoProperties->new(
asset_type => 'related-crypto-material',
related_crypto_material_properties => SBOM::CycloneDX::CryptoProperties::RelatedCryptoMaterialProperties->new(
type => 'public-key',
format => 'PEM',
size => $x509->bit_length,
value => $x509->pubkey,
)
)
);
my @cert_extensions = ();
my $x509_extensions = $x509->extensions_by_name();
foreach my $extension_name (sort keys %{$x509_extensions}) {
my $extension = $x509_extensions->{$extension_name};
my $extension_value = $extension->as_string;
next unless $extension_value;
my $bom_certificate_extension = SBOM::CycloneDX::CryptoProperties::CertificateExtension->new(
common_extension_name => $extension_name,
common_extension_value => $extension_value
);
unless (grep { $extension_name eq $_ } SBOM::CycloneDX::Enum->COMMON_EXTENSION_NAMES()) {
$bom_certificate_extension = SBOM::CycloneDX::CryptoProperties::CertificateExtension->new(
custom_extension_name => $extension_name,
custom_extension_value => $extension_value
);
}
push @cert_extensions, $bom_certificate_extension;
}
my $cert_component = SBOM::CycloneDX::Component->new(
type => 'cryptographic-asset',
name => $filename,
bom_ref => $filename,
crypto_properties => SBOM::CycloneDX::CryptoProperties->new(
oid => '2.5.4.3',
asset_type => 'certificate',
certificate_properties => SBOM::CycloneDX::CryptoProperties::CertificateProperties->new(
serial_number => $x509->serial,
subject_name => $x509->subject_name->as_string,
issuer_name => $x509->issuer_name->as_string,
certificate_format => 'X.509',
certificate_extension => $suffix,
not_valid_before => Time::Piece->strptime($x509->notBefore(), '%b %d %H:%M:%S %Y %Z')->datetime,
not_valid_after => Time::Piece->strptime($x509->notAfter(), '%b %d %H:%M:%S %Y %Z')->datetime,
fingerprint => SBOM::CycloneDX::Hash->new(alg => 'SHA-256', content => $fingerprint),
certificate_extensions => \@cert_extensions,
related_cryptographic_assets => [
SBOM::CycloneDX::CryptoProperties::RelatedCryptographicAsset->new(
type => 'publicKey',
ref => $public_key_component->bom_ref
)
],
)
),
);
$bom->components->add($cert_component);
$bom->components->add($public_key_component);
lib/SBOM/CycloneDX.pm view on Meta::CPAN
package SBOM::CycloneDX;
use 5.010001;
use strict;
use warnings;
use utf8;
use Types::Standard qw(Str StrMatch Int Num InstanceOf HashRef);
use Types::TypeTiny qw(ArrayLike);
use SBOM::CycloneDX::Declarations;
use SBOM::CycloneDX::Definitions;
use SBOM::CycloneDX::Dependency;
use SBOM::CycloneDX::List;
use SBOM::CycloneDX::Metadata;
use SBOM::CycloneDX::Schema;
use SBOM::CycloneDX::Util qw(urn_uuid);
use List::Util qw(uniq);
use Moo;
use namespace::autoclean;
extends 'SBOM::CycloneDX::Base';
use constant JSON_SCHEMA_1_2 => 'http://cyclonedx.org/schema/bom-1.2b.schema.json';
use constant JSON_SCHEMA_1_3 => 'http://cyclonedx.org/schema/bom-1.3a.schema.json';
use constant JSON_SCHEMA_1_4 => 'http://cyclonedx.org/schema/bom-1.4.schema.json';
use constant JSON_SCHEMA_1_5 => 'http://cyclonedx.org/schema/bom-1.5.schema.json';
use constant JSON_SCHEMA_1_6 => 'http://cyclonedx.org/schema/bom-1.6.schema.json';
use constant JSON_SCHEMA_1_7 => 'http://cyclonedx.org/schema/bom-1.7.schema.json';
our $VERSION = 1.07;
lib/SBOM/CycloneDX.pm view on Meta::CPAN
has serial_number => (
is => 'rw',
isa => StrMatch [qr{^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$}],
default => sub {urn_uuid}
);
has version => (is => 'rw', isa => Int, default => 1);
has metadata =>
(is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::Metadata'], default => sub { SBOM::CycloneDX::Metadata->new });
has components => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Component']],
default => sub { SBOM::CycloneDX::List->new }
);
has services => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Service']],
default => sub { SBOM::CycloneDX::List->new }
);
has external_references => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::ExternalReference']],
default => sub { SBOM::CycloneDX::List->new }
);
has dependencies => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Dependency']],
default => sub { SBOM::CycloneDX::List->new }
);
has compositions => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Composition']],
default => sub { SBOM::CycloneDX::List->new }
);
has vulnerabilities => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Vulnerability']],
default => sub { SBOM::CycloneDX::List->new }
);
has annotations => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Annotations']],
default => sub { SBOM::CycloneDX::List->new }
);
has formulation => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Formulation']],
default => sub { SBOM::CycloneDX::List->new }
);
has declarations => (
is => 'rw',
isa => InstanceOf ['SBOM::CycloneDX::Declarations'],
default => sub { SBOM::CycloneDX::Declarations->new }
);
has definitions => (
is => 'rw',
isa => InstanceOf ['SBOM::CycloneDX::Definitions'],
default => sub { SBOM::CycloneDX::Definitions->new }
);
has citations => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Citation']],
default => sub { SBOM::CycloneDX::List->new }
);
has properties => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Property']],
default => sub { SBOM::CycloneDX::List->new }
);
# TODO JSF (JSON Signature Format)
has signature => (is => 'rw', isa => HashRef, default => sub { {} });
sub validate { SBOM::CycloneDX::Schema->new(bom => shift)->validate }
sub add_dependency {
my ($self, $target, $depends_on) = @_;
my $target_ref = $target->bom_ref;
my @depends_on_refs = map { $_->bom_ref } @{$depends_on};
my $exists = 0;
lib/SBOM/CycloneDX.pm view on Meta::CPAN
my @old_refs = @{$dependency->depends_on};
push @old_refs, @depends_on_refs;
my @new_refs = uniq(@old_refs);
$dependency->depends_on(\@new_refs);
}
if (not $exists) {
$self->dependencies->push(
SBOM::CycloneDX::Dependency->new(ref => $target_ref, depends_on => \@depends_on_refs));
}
# Add empty dependency entry if not exists "ref"
$self->add_dependency($_, []) for (@{$depends_on});
}
sub get_component_by_purl {
my ($self, $purl) = @_;
lib/SBOM/CycloneDX.pm view on Meta::CPAN
foreach my $component (@{$self->components}) {
return $component if ($component->bom_ref && $component->bom_ref eq $bom_ref);
}
}
sub get_vulnerabilities_for_bom_ref {
my ($self, $bom_ref) = @_;
my $list = SBOM::CycloneDX::List->new;
foreach my $vulnerability (@{$self->vulnerabilities}) {
foreach my $affect (@{$vulnerability->affects}) {
$list->add($vulnerability) if $affect->ref eq $bom_ref;
}
}
return $list;
}
sub get_affected_components_by_cve {
my ($self, $cve_id) = @_;
my $list = SBOM::CycloneDX::List->new;
foreach my $vulnerability (@{$self->vulnerabilities}) {
if ($vulnerability->id eq $cve_id) {
foreach my $affect (@{$vulnerability->affects}) {
$list->add($self->get_component_by_bom_ref($affect->ref));
}
}
}
return $list;
lib/SBOM/CycloneDX.pm view on Meta::CPAN
1;
__END__
=encoding utf-8
=head1 NAME
SBOM::CycloneDX - CycloneDX Perl Library
=head1 SYNOPSIS
use SBOM::CycloneDX;
use SBOM::CycloneDX::Enum qw(COMPONENT_TYPE);
my $bom = SBOM::CycloneDX->new;
my $root_component = SBOM::CycloneDX::Component->new(
type => COMPONENT_TYPE->APPLICATION,
name => 'MyApp',
licenses => [SBOM::CycloneDX::License->new('Artistic-2.0')],
bom_ref => 'MyApp'
);
my $metadata = $bom->metadata;
$metadata->tools->add(cyclonedx_tool);
$metadata->component($root_component);
my $component1 = SBOM::CycloneDX::Component->new(
type => COMPONENT_TYPE->LIBRARY,
name => 'some-component',
group => 'acme',
version => '1.33.7-beta.1',
licenses => [SBOM::CycloneDX::License->new(name => '(c) 2021 Acme inc.')],
bom_ref => 'myComponent@1.33.7-beta.1',
purl => URI::PackageURL->new(
type => 'generic',
namespace => 'acme',
name => 'some-component',
version => '1.33.7-beta.1'
),
);
$bom->components->add($component1);
$bom->add_dependency($root_component, [$component1]);
my $component2 = SBOM::CycloneDX::Component->new(
type => COMPONENT_TYPE->LIBRARY,
name => 'some-library',
licenses => [SBOM::CycloneDX::License->new(expression => 'GPL-3.0-only WITH Classpath-exception-2.0')],
bom_ref => 'some-lib',
);
$bom->components->add($component2);
$bom->add_dependency($root_component, [$component2]);
my @errors = $bom->validate;
if (@errors) {
say $_ for (@errors);
Carp::croak 'Validation error';
}
say $bom->to_string;
=head1 DESCRIPTION
L<SBOM::CycloneDX> is a library for generate valid OWASP CycloneDX BOM file.
OWASP CycloneDX (ECMA-424) is a modern standard for the software supply chain.
At its core, CycloneDX is a general-purpose Bill of Materials (BOM) standard
capable of representing software, hardware, services, and other types of
inventory. The CycloneDX standard began in 2017 in the Open Worldwide
Application Security Project (OWASP) community. CycloneDX is an OWASP flagship
project, has a formal standardization process and governance model, and is
supported by the global information security community.
CycloneDX far exceeds the L<Minimum Elements for Software Bill of Materials|https://www.ntia.gov/files/ntia/publications/sbom_minimum_elements_report.pdf>
as defined by the L<National Telecommunications and Information Administration (NTIA)|https://www.ntia.gov/>
in response to L<U.S. Executive Order 14028|https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/>.
CycloneDX provides advanced supply chain capabilities for cyber risk reduction. Among these capabilities are:
=over
=item Software Bill of Materials (SBOM)
=item Software-as-a-Service Bill of Materials (SaaSBOM)
=item Hardware Bill of Materials (HBOM)
=item Machine Learning Bill of Materials (ML-BOM)
=item Cryptography Bill of Materials (CBOM)
=item Operations Bill of Materials (OBOM)
=item Manufacturing Bill of Materials (MBOM)
=item Bill of Vulnerabilities (BOV)
=item Vulnerability Disclosure Report (VDR)
=item Vulnerability Exploitability eXchange (VEX)
=item CycloneDX Attestations (CDXA)
=item Common Release Notes Format
=back
L<https://www.cyclonedx.org>
L<https://ecma-international.org/publications-and-standards/standards/ecma-424/>
L<SBOM::CycloneDX> implements the following versions of the CycloneDX specification:
=over
=item * L<1.7|https://cyclonedx.org/docs/1.7/json/>
=item * L<1.6|https://cyclonedx.org/docs/1.6/json/>
=item * L<1.5|https://cyclonedx.org/docs/1.5/json/>
=item * L<1.4|https://cyclonedx.org/docs/1.4/json/>
=item * L<1.3|https://cyclonedx.org/docs/1.3/json/>
=item * L<1.2|https://cyclonedx.org/docs/1.2/json/>
=back
=head2 MODELS
This is the class hierarchy of the L<SBOM::CycloneDX> distribution.
=over
=item * L<SBOM::CycloneDX>
=item * L<SBOM::CycloneDX::Advisory>
=item * L<SBOM::CycloneDX::Annotation>
=over
=item * L<SBOM::CycloneDX::Annotation::Annotator>
=back
=item * L<SBOM::CycloneDX::Attachment>
=item * L<SBOM::CycloneDX::Citation>
=item * L<SBOM::CycloneDX::Component>
=over
=item * L<SBOM::CycloneDX::Component::Commit>
=item * L<SBOM::CycloneDX::Component::ConfidenceInterval>
=item * L<SBOM::CycloneDX::Component::Diff>
=item * L<SBOM::CycloneDX::Component::Graphic>
=item * L<SBOM::CycloneDX::Component::GraphicsCollection>
=item * L<SBOM::CycloneDX::Component::ModelCard>
=item * L<SBOM::CycloneDX::Component::Patch>
=item * L<SBOM::CycloneDX::Component::Pedigree>
=item * L<SBOM::CycloneDX::Component::PerformanceMetric>
=item * L<SBOM::CycloneDX::Component::QuantitativeAnalysis>
=item * L<SBOM::CycloneDX::Component::SWID>
=back
=item * L<SBOM::CycloneDX::CryptoProperties>
=over
=item * L<SBOM::CycloneDX::CryptoProperties::AlgorithmProperties>
=item * L<SBOM::CycloneDX::CryptoProperties::CertificateProperties>
=item * L<SBOM::CycloneDX::CryptoProperties::CipherSuite>
=item * L<SBOM::CycloneDX::CryptoProperties::Ikev2TransformType>
=item * L<SBOM::CycloneDX::CryptoProperties::ProtocolProperties>
=item * L<SBOM::CycloneDX::CryptoProperties::RelatedCryptographicAsset>
=item * L<SBOM::CycloneDX::CryptoProperties::RelatedCryptoMaterialProperties>
=item * L<SBOM::CycloneDX::CryptoProperties::SecuredBy>
=back
=item * L<SBOM::CycloneDX::DataGovernance>
=item * L<SBOM::CycloneDX::DataGovernanceResponsibleParty>
=item * L<SBOM::CycloneDX::Declarations>
=over
=item * L<SBOM::CycloneDX::Declarations::Affirmation>
=item * L<SBOM::CycloneDX::Declarations::Assessor>
=item * L<SBOM::CycloneDX::Declarations::Attestation>
=item * L<SBOM::CycloneDX::Declarations::Claim>
=item * L<SBOM::CycloneDX::Declarations::Confidence>
=item * L<SBOM::CycloneDX::Declarations::Conformance>
=item * L<SBOM::CycloneDX::Declarations::Contents>
=item * L<SBOM::CycloneDX::Declarations::Data>
=item * L<SBOM::CycloneDX::Declarations::Evidence>
=item * L<SBOM::CycloneDX::Declarations::Map>
=item * L<SBOM::CycloneDX::Declarations::Signatory>
=item * L<SBOM::CycloneDX::Declarations::Targets>
=back
=item * L<SBOM::CycloneDX::Definitions>
=item * L<SBOM::CycloneDX::Dependency>
=item * L<SBOM::CycloneDX::Enum>
=over
=item * L<SBOM::CycloneDX::Enum::CommonExtensionName>
=item * L<SBOM::CycloneDX::Enum::ComponentType>
=item * L<SBOM::CycloneDX::Enum::CryptoAssetType>
=item * L<SBOM::CycloneDX::Enum::CryptoCertificationLevel>
=item * L<SBOM::CycloneDX::Enum::CryptoFunction>
=item * L<SBOM::CycloneDX::Enum::CryptoImplementationPlatform>
=item * L<SBOM::CycloneDX::Enum::CryptoMode>
=item * L<SBOM::CycloneDX::Enum::CryptoPadding>
=item * L<SBOM::CycloneDX::Enum::CryptoPrimitive>
=item * L<SBOM::CycloneDX::Enum::ExternalReferenceType>
=item * L<SBOM::CycloneDX::Enum::HashAlgorithm>
=item * L<SBOM::CycloneDX::Enum::ImpactAnalysisJustification>
=item * L<SBOM::CycloneDX::Enum::ImpactAnalysisState>
=item * L<SBOM::CycloneDX::Enum::LicenseType>
=item * L<SBOM::CycloneDX::Enum::LifecyclePhase>
=item * L<SBOM::CycloneDX::Enum::ProtocolType>
=item * L<SBOM::CycloneDX::Enum::RelatedCryptoMaterialState>
=item * L<SBOM::CycloneDX::Enum::RelatedCryptoMaterialType>
=item * L<SBOM::CycloneDX::Enum::TlpClassification>
=back
=item * L<SBOM::CycloneDX::ExternalReference>
=item * L<SBOM::CycloneDX::Formulation>
=item * L<SBOM::CycloneDX::Hash>
=item * L<SBOM::CycloneDX::IdentifiableAction>
=item * L<SBOM::CycloneDX::Issue>
=over
=item * L<SBOM::CycloneDX::Issue::Source>
=back
=item * L<SBOM::CycloneDX::License>
=over
=item * L<SBOM::CycloneDX::License::ExpressionDetail>
=item * L<SBOM::CycloneDX::License::Licensee>
=item * L<SBOM::CycloneDX::License::Licensing>
=item * L<SBOM::CycloneDX::License::Licensor>
=item * L<SBOM::CycloneDX::License::Purchaser>
=back
=item * L<SBOM::CycloneDX::Metadata>
=item * L<SBOM::CycloneDX::Metadata::DistributionConstraint>
=item * L<SBOM::CycloneDX::Metadata::Lifecycle>
=item * L<SBOM::CycloneDX::Note>
=item * L<SBOM::CycloneDX::OrganizationalContact>
=item * L<SBOM::CycloneDX::OrganizationalEntity>
=item * L<SBOM::CycloneDX::Patent>
=over
=item * L<SBOM::CycloneDX::Patent::PriorityApplication>
=back
=item * L<SBOM::CycloneDX::PatentAssertion>
=item * L<SBOM::CycloneDX::PatentFamily>
=item * L<SBOM::CycloneDX::PostalAddress>
=item * L<SBOM::CycloneDX::Property>
=item * L<SBOM::CycloneDX::ReleaseNotes>
=item * L<SBOM::CycloneDX::Schema>
=item * L<SBOM::CycloneDX::Service>
=item * L<SBOM::CycloneDX::Standard>
=over
=item * L<SBOM::CycloneDX::Standard::Level>
=item * L<SBOM::CycloneDX::Standard::Requirement>
=back
=item * L<SBOM::CycloneDX::Tool>
=item * L<SBOM::CycloneDX::Tools>
=item * L<SBOM::CycloneDX::Version>
=item * L<SBOM::CycloneDX::Vulnerability>
=over
=item * L<SBOM::CycloneDX::Vulnerability::Affect>
=item * L<SBOM::CycloneDX::Vulnerability::Analysis>
=item * L<SBOM::CycloneDX::Vulnerability::Credits>
=item * L<SBOM::CycloneDX::Vulnerability::ProofOfConcept>
=item * L<SBOM::CycloneDX::Vulnerability::Rating>
=item * L<SBOM::CycloneDX::Vulnerability::Reference>
=item * L<SBOM::CycloneDX::Vulnerability::Source>
=back
=back
=head3 HELPERS
=over
=item * L<SBOM::CycloneDX::BomRef>
=item * L<SBOM::CycloneDX::List>
=item * L<SBOM::CycloneDX::Lite>
=item * L<SBOM::CycloneDX::Timestamp>
=item * L<SBOM::CycloneDX::Util>
=back
=head2 METHODS
L<SBOM::CycloneDX> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX->new( %PARAMS )
Create new CycloneDX instance.
my $bom = SBOM::CycloneDX->new(
spec_version => '1.5',
version => 1,
serial_number => $serial_number
);
$bom->components->add($component);
say $bom;
=item $bom->spec_version
The version of the CycloneDX specification the BOM conforms to.
Default version is B<1.7>.
$bom->spec_version('1.5');
=item $bom->version
Whenever an existing BOM is modified, either manually or through
automated processes, the version of the BOM SHOULD be
incremented by 1. When a system is presented with multiple BOMs
with identical serial numbers, the system SHOULD use the most
recent version of the BOM. The default version is '1'.
=item $bom->serial_number
Every BOM generated SHOULD have a unique serial number, even if the contents of
the BOM have not changed over time. If specified, the serial number must
conform to L<RFC 4122|https://www.ietf.org/rfc/rfc4122.html>. Use of serial
numbers is recommended.
$bom->serial_number('urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79');
=item $bom->metadata
Provides additional information about a BOM.
See L<SBOM::CycloneDX::Metadata>.
=item $bom->components
A list of software and hardware components.
$bom->components->add($component);
See L<SBOM::CycloneDX::Component>.
=item $sbom->services
A list of services. This may include microservices, function-as-a-
service, and other types of network or intra-process services.
$bom->services->add($service);
See L<SBOM::CycloneDX::Service>.
=item $bom->external_references
External references provide a way to document systems, sites, and
information that may be relevant but are not included with the BOM.
They may also establish specific relationships within or external to the
BOM.
$bom->external_references->add($external_reference);
See L<SBOM::CycloneDX::ExternalReferences>.
=item $bom->dependencies
Provides the ability to document dependency relationships including
provided & implemented components.
$bom->dependencies->add($dependency);
# or
$bom->add_dependency($parent_component, [$component1, component2])
See L<SBOM::CycloneDX::Dependency>.
=item $bom->compositions
Compositions describe constituent parts (including components,
services, and dependency relationships) and their completeness. The
completeness of vulnerabilities expressed in a BOM may also be
described.
$bom->compositions->add($composition);
See L<SBOM::CycloneDX::Composition>.
=item $bom->vulnerabilities
Vulnerabilities identified in components or services.
$bom->vulnerabilities->add($vulnerability);
See L<SBOM::CycloneDX::Vulnerability>.
=item $bom->annotations
Comments made by people, organizations, or tools about any object
with a bom-ref, such as components, services, vulnerabilities, or the
BOM itself. Unlike inventory information, annotations may contain
opinions or commentary from various stakeholders. Annotations may
be inline (with inventory) or externalized via BOM-Link and may
optionally be signed.
$bom->annotations->add($annotation);
See L<SBOM::CycloneDX::Annotation>.
=item $bom->formulation
Describes how a component or service was manufactured or
deployed. This is achieved through the use of formulas, workflows,
tasks, and steps, which declare the precise steps to reproduce along
with the observed formulas describing the steps which transpired in the
manufacturing process.
$bom->formulation->add($formulation);
See L<SBOM::CycloneDX::Formulation>.
=item $bom->declarations
The list of declarations which describe the conformance to standards.
Each declaration may include attestations, claims, and evidence.
See L<SBOM::CycloneDX::Declarations>.
=item $bom->definitions
A collection of reusable objects that are defined and may be used
elsewhere in the BOM.
$bom->definitions->add($definition);
See L<SBOM::CycloneDX::Definition>.
=item $bom->citations
A collection of attributions indicating which entity supplied
information for specific fields within the BOM.
$bom->citations->add($citation);
See L<SBOM::CycloneDX::Citation>.
=item $bom->properties
Provides the ability to document properties in a name-value store. This
provides flexibility to include data not officially supported in the
standard without having to use additional namespaces or create
extensions. Unlike key-value stores, properties support duplicate
names, each potentially having different values. Property names of
interest to the general public are encouraged to be registered in the
CycloneDX Property Taxonomy (L<https://github.com/CycloneDX/cyclonedx-property-taxonomy>).
Formal registration is optional.
$bom->definitions->add($property);
See L<SBOM::CycloneDX::Property>.
=item $bom->signature
Enveloped signature in JSON Signature Format (JSF) L<https://cyberphone.github.io/doc/security/jsf.html>.
=back
=head2 HELPERS
=over
lib/SBOM/CycloneDX.pm view on Meta::CPAN
=item $bom->get_component_by_purl($purl)
Return the component with specific PURL string.
if ($bom->get_component_by_purl($purl)) {
say "Found component with $purl PURL";
}
=item $bom->get_component_by_bom_ref($ref)
Return the component with specific BOM-Ref string.
if ($bom->get_component_by_bom_ref($bom_ref)) {
say "Found component with $bom_ref BOM-Ref";
}
=item $bom->get_vulnerabilities_for_bom_ref($bom_ref)
Return L<SBOM::CycloneDX::List> with a list of vulnerabilities with the same C<bom_ref>.
=item $bom->get_affected_components_by_cve ($cve_id)
Return L<SBOM::CycloneDX::List> with a list of components affected with the same C<cve_id>.
say $_->bom_ref for($bom->get_affected_components_by_cve('CVE-2025-12345')->list);
=item $bom->validate
Validates BOM file with the JSON Schema and return the L<JSON::Validator> errors.
my @errors = $bom->validate;
if (@errors) {
say $_ for @errors;
Carp::croak "Invalid BOM";
}
See L<SBOM::CycloneDX::Schema>.
=item $bom->to_string
Encode in JSON.
say $bom->to_string;
# or
say "$bom";
=item $bom->to_hash
Convert BOM object in HASH.
my $hashref = $bom->to_hash;
=item $bom->TO_JSON
Encode in JSON.
say encode_json($bom);
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Advisory.pm view on Meta::CPAN
package SBOM::CycloneDX::Advisory;
use 5.010001;
use strict;
use warnings;
use utf8;
use Types::Standard qw(Str);
use Moo;
use namespace::autoclean;
extends 'SBOM::CycloneDX::Base';
has title => (is => 'rw', isa => Str);
has url => (is => 'rw', isa => Str, required => 1);
sub TO_JSON {
my $self = shift;
my $json = {url => $self->url};
lib/SBOM/CycloneDX/Advisory.pm view on Meta::CPAN
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Advisory - Advisory
=head1 SYNOPSIS
SBOM::CycloneDX::Advisory->new();
=head1 DESCRIPTION
L<SBOM::CycloneDX::Advisory> provide the title and location where advisory information
can be obtained. An advisory is a notification of a threat to a component,
service, or system.
=head2 METHODS
L<SBOM::CycloneDX::Advisory> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::Advisory->new( %PARAMS )
Properties:
=over
=item * C<title>, A name of the advisory.
=item * C<url>, Location where the advisory can be obtained.
=back
lib/SBOM/CycloneDX/Advisory.pm view on Meta::CPAN
=item $advisory->url
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Annotation.pm view on Meta::CPAN
package SBOM::CycloneDX::Annotation;
use 5.010001;
use strict;
use warnings;
use utf8;
use SBOM::CycloneDX::BomRef;
use SBOM::CycloneDX::List;
use SBOM::CycloneDX::Timestamp;
use Types::Standard qw(Str HashRef InstanceOf);
use Types::TypeTiny qw(ArrayLike);
use Moo;
use namespace::autoclean;
extends 'SBOM::CycloneDX::Base';
has bom_ref => (
is => 'rw',
isa => InstanceOf ['SBOM::CycloneDX::BomRef'],
coerce => sub { ref($_[0]) ? $_[0] : SBOM::CycloneDX::BomRef->new($_[0]) }
);
has subjects => (is => 'rw', isa => ArrayLike [Str], required => 1, default => sub { SBOM::CycloneDX::List->new });
has annotator => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Annotation::Annotator']],
required => 1,
default => sub { SBOM::CycloneDX::List->new }
);
has timestamp => (
is => 'rw',
isa => InstanceOf ['SBOM::CycloneDX::Timestamp'],
required => 1,
coerce => sub { ref($_[0]) ? $_[0] : SBOM::CycloneDX::Timestamp->new($_[0]) }
);
has text => (is => 'rw', isa => Str, required => 1);
has signature => (is => 'rw', isa => ArrayLike [HashRef], default => sub { SBOM::CycloneDX::List->new });
sub TO_JSON {
my $self = shift;
my $json = {
subjects => $self->subjects,
annotator => $self->annotator,
timestamp => $self->timestamp,
text => $self->text
lib/SBOM/CycloneDX/Annotation.pm view on Meta::CPAN
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Annotation - Annotations
=head1 SYNOPSIS
SBOM::CycloneDX::Annotation->new();
=head1 DESCRIPTION
A comment, note, explanation, or similar textual content which provides
additional context to the object(s) being annotated.
=head2 METHODS
L<SBOM::CycloneDX::Annotation> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::Annotation->new( %PARAMS )
Properties:
=over
=item * C<annotator>, The organization, person, component, or service which
created the textual content of the annotation.
=item * C<bom_ref>, An identifier which can be used to reference the
annotation elsewhere in the BOM. Every bom-ref must be unique within the
BOM.
Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid
conflicts with BOM-Links.
=item * C<signature>, Enveloped signature in JSON Signature Format (JSF)
(L<https://cyberphone.github.io/doc/security/jsf.html>).
=item * C<subjects>, The object in the BOM identified by its bom-ref. This is
often a component or service, but may be any object type supporting
bom-refs.
=item * C<text>, The textual content of the annotation.
=item * C<timestamp>, The date and time (timestamp) when the annotation was
created.
=back
lib/SBOM/CycloneDX/Annotation.pm view on Meta::CPAN
=item $annotation->timestamp
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Annotation/Annotator.pm view on Meta::CPAN
package SBOM::CycloneDX::Annotation::Annotator;
use 5.010001;
use strict;
use warnings;
use utf8;
use Carp;
use Types::Standard qw(InstanceOf);
use Moo;
use namespace::autoclean;
extends 'SBOM::CycloneDX::Base';
has organization => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::OrganizationalEntity']);
has individual => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::OrganizationalContact']);
has component => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::Component']);
has service => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::Service']);
sub TO_JSON {
my $self = shift;
my $json = {};
$json->{organization} = $self->organization if $self->organization;
$json->{individual} = $self->individual if $self->individual;
$json->{component} = $self->component if $self->component;
lib/SBOM/CycloneDX/Annotation/Annotator.pm view on Meta::CPAN
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Annotation::Annotator - Annotator
=head1 SYNOPSIS
SBOM::CycloneDX::Annotation::Annotator->new();
=head1 DESCRIPTION
L<SBOM::CycloneDX::Annotation::Annotator> provides the organization, person,
component, or service which created the textual content of the annotation.
=head2 METHODS
L<SBOM::CycloneDX::Annotation::Annotator> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::Annotation::Annotator->new( %PARAMS )
Properties:
=over
=item * C<component>, The tool or component that created the annotation
=item * C<individual>, The person that created the annotation
=item * C<organization>, The organization that created the annotation
lib/SBOM/CycloneDX/Annotation/Annotator.pm view on Meta::CPAN
=item $annotator->service
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Attachment.pm view on Meta::CPAN
package SBOM::CycloneDX::Attachment;
use 5.010001;
use strict;
use warnings;
use utf8;
use Carp;
use Types::Standard qw(Str FileHandle Enum);
use MIME::Base64 qw(encode_base64);
use SBOM::CycloneDX::Util qw(file_read);
use Moo;
use namespace::autoclean;
extends 'SBOM::CycloneDX::Base';
my $BASE64_REGEXP = qr{^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)$};
has file => (is => 'rw', isa => FileHandle | Str);
has content_type => (is => 'rw', isa => Str);
has encoding => (is => 'rw', isa => Enum [qw(base64)]);
has content => (is => 'rw', required => 1);
sub TO_JSON {
lib/SBOM/CycloneDX/Attachment.pm view on Meta::CPAN
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Attachment - Attachment utility
=head1 SYNOPSIS
use SBOM::CycloneDX::Attachment;
# Base64 content
$attachment = SBOM::CycloneDX::Attachment->new(
content => 'Y29uc29sZS5sb2coJ0dvb2RCeWUnKQ==',
content_type => 'text/javascript'
);
# Plain content
$attachment = SBOM::CycloneDX::Attachment->new(
content => 'Copyright (C) Acme - All Rights Reserved',
content_type => 'text/plain'
);
# File handler
open(my $fh, "<", "/path/LICENSE.md");
$attachment = SBOM::CycloneDX::Attachment->new(
file => $fh
);
# File path
$attachment = SBOM::CycloneDX::Attachment->new(
file => $fh
);
=head1 DESCRIPTION
L<SBOM::CycloneDX::Attachment> is a attachment utility.
=head2 METHODS
L<SBOM::CycloneDX::Attachment> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::Attachment->new( %PARAMS )
Create a new attachment object.
Parameters:
=over
=item * C<file>, File handle or file path
=item * C<content>, Plain content (text or BASE64 encoded)
=item * C<content_type>, content MIME/Type
=back
B<NOTE>: C<file> and C<content> cannot be used at the same time.
# Base64 content
$attachment = SBOM::CycloneDX::Attachment->new(
content => 'Y29uc29sZS5sb2coJ0dvb2RCeWUnKQ==',
content_type => 'text/javascript'
);
# Plain content
$attachment = SBOM::CycloneDX::Attachment->new(
content => 'Copyright (C) Acme - All Rights Reserved',
content_type => 'text/plain'
);
# File handler
open(my $fh, "<", "/path/LICENSE.md");
$attachment = SBOM::CycloneDX::Attachment->new(
file => $fh
);
# File path
$attachment = SBOM::CycloneDX::Attachment->new(
file => '/path/LICENSE.md'
);
=item $attachment->file
File handle or file path
=item $attachment->content_type
Specifies the format and nature of the data being attached, helping systems
lib/SBOM/CycloneDX/Attachment.pm view on Meta::CPAN
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Base.pm view on Meta::CPAN
package SBOM::CycloneDX::Base;
use 5.010001;
use strict;
use warnings;
use utf8;
use Cpanel::JSON::XS;
use overload '""' => \&to_string, fallback => 1;
lib/SBOM/CycloneDX/Base.pm view on Meta::CPAN
return $hash;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Base - Base class for SBOM::CycloneDX
=head1 SYNOPSIS
$component->to_string; # Convert object in JSON
$license->to_hash; # Convert object in HASH
$bom->TO_JSON; Helper for JSON packages
=head1 DESCRIPTION
L<SBOM::CycloneDX::BomRef> represents the BOM reference in L<SBOM::CycloneDX>.
=head2 METHODS
=over
=item SBOM::CycloneDX::Base->new( %PARAMS )
=item $base->to_string
Stringify BOM object in JSON.
=item $base->to_hash
Convert BOM object in HASH.
=item $base->TO_JSON
Helper method for JSON modules (L<JSON>, L<JSON::PP>, L<JSON::XS>, L<Mojo::JSON>, etc).
use Mojo::JSON qw(encode_json);
say encode_json($bom);
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/BomRef.pm view on Meta::CPAN
package SBOM::CycloneDX::BomRef;
use 5.010001;
use strict;
use warnings;
use utf8;
use Carp;
use Time::Piece;
use overload '""' => \&to_string, fallback => 1;
lib/SBOM/CycloneDX/BomRef.pm view on Meta::CPAN
sub to_string { shift->TO_JSON }
sub TO_JSON { shift->value }
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::BomRef - BOM-ref representation for CycloneDX
=head1 SYNOPSIS
$component->bom_ref(SBOM::CycloneDX::BomRef->new('app-component'));
=head1 DESCRIPTION
L<SBOM::CycloneDX::BomRef> represents the BOM reference in L<SBOM::CycloneDX>.
=head2 METHODS
=over
=item SBOM::CycloneDX::BomRef->new( %PARAMS )
=item $bom_ref->value
=item $bom_ref->to_string
=item $bom_ref->TO_JSON
Return BOM ref.
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Citation.pm view on Meta::CPAN
package SBOM::CycloneDX::Citation;
use 5.010001;
use strict;
use warnings;
use utf8;
use SBOM::CycloneDX::BomRef;
use SBOM::CycloneDX::List;
use Moo;
use namespace::autoclean;
use Types::Standard qw(Str InstanceOf HashRef);
use Types::TypeTiny qw(ArrayLike);
extends 'SBOM::CycloneDX::Base';
has bom_ref => (
is => 'rw',
isa => InstanceOf ['SBOM::CycloneDX::BomRef'],
coerce => sub { ref($_[0]) ? $_[0] : SBOM::CycloneDX::BomRef->new($_[0]) }
);
has pointers => (is => 'rw', isa => ArrayLike [Str], default => sub { SBOM::CycloneDX::List->new });
has expressions => (is => 'rw', isa => ArrayLike [Str], default => sub { SBOM::CycloneDX::List->new });
has timestamp => (
is => 'rw',
isa => InstanceOf ['SBOM::CycloneDX::Timestamp'],
required => 1,
coerce => sub { ref($_[0]) ? $_[0] : SBOM::CycloneDX::Timestamp->new($_[0]) }
);
has attributed_to => (is => 'rw', isa => Str);
has process => (is => 'rw', isa => Str);
has note => (is => 'rw', isa => Str);
has signature => (is => 'rw', isa => HashRef);
lib/SBOM/CycloneDX/Citation.pm view on Meta::CPAN
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Citation - Citation
=head1 SYNOPSIS
SBOM::CycloneDX::Citation->new();
=head1 DESCRIPTION
L<SBOM::CycloneDX::Citation> Details a specific attribution of data within
the BOM to a contributing entity or process.
=head2 METHODS
L<SBOM::CycloneDX::Citation> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::Citation->new( %PARAMS )
Properties:
=over
=item * C<attributed_to>, The C<bom-ref> of an object, such as a component,
service, tool, organisational entity, or person that supplied the cited
information.
At least one of the "attributed_to" or "process" elements must be present.
=item * C<bom_ref>, BOM Reference
=item * C<expressions>, One or more path expressions used to locate values
within a BOM.
Exactly one of the "pointers" or "expressions" elements must be present.
=item * C<note>, A description or comment about the context or quality of the
data attribution.
=item * C<pointers>, One or more "JSON
Pointers" (L<https://datatracker.ietf.org/doc/html/rfc6901)> identifying the
BOM fields to which the attribution applies.
Exactly one of the "pointers" or "expressions" elements must be present.
=item * C<process>, The C<bom-ref> to a process (such as a formula, workflow,
task, or step) defined in the C<formulation> section that executed or
generated the attributed data.
At least one of the "attributed_to" or "process" elements must be present.
=item * C<signature>, A digital signature verifying the authenticity or
integrity of the attribution.
lib/SBOM/CycloneDX/Citation.pm view on Meta::CPAN
=item $citation->timestamp
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Component.pm view on Meta::CPAN
package SBOM::CycloneDX::Component;
use 5.010001;
use strict;
use warnings;
use utf8;
use SBOM::CycloneDX::BomRef;
use SBOM::CycloneDX::Enum;
use SBOM::CycloneDX::List;
use JSON::PP;
use Types::Standard qw(Str StrMatch Bool Enum InstanceOf HashRef);
use Types::TypeTiny qw(ArrayLike);
use URI::PackageURL;
use URI::VersionRange;
use Moo;
use namespace::autoclean;
around BUILDARGS => sub {
my ($orig, $class, @args) = @_;
return {type => $args[0]} if @args == 1 && !ref $args[0];
return $class->$orig(@args);
};
extends 'SBOM::CycloneDX::Base';
has type => (is => 'rw', isa => Enum [SBOM::CycloneDX::Enum->values('COMPONENT_TYPE')], required => 1);
has mime_type => (is => 'rw', isa => StrMatch [qr{^[-+a-z0-9.]+/[-+a-z0-9.]+$}]);
has bom_ref => (
is => 'rw',
isa => InstanceOf ['SBOM::CycloneDX::BomRef'],
coerce => sub { ref($_[0]) ? $_[0] : SBOM::CycloneDX::BomRef->new($_[0]) }
);
has supplier => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::OrganizationalEntity']);
has manufacturer => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::OrganizationalEntity']);
has authors => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::OrganizationalContact']],
default => sub { SBOM::CycloneDX::List->new }
);
has author => (is => 'rw', isa => Str); # Deprecated in 1.6
has publisher => (is => 'rw', isa => Str);
has group => (is => 'rw', isa => Str);
has name => (is => 'rw', isa => Str, required => 1);
lib/SBOM/CycloneDX/Component.pm view on Meta::CPAN
has version_range => (is => 'rw', isa => InstanceOf ['URI::VersionRange'], coerce => sub { _vers_parse($_[0]) });
has is_external => (is => 'rw', isa => Bool); # Added in 1.7
has description => (is => 'rw', isa => Str);
has scope => (is => 'rw', isa => Enum [qw(required optional excluded)]); # Default required
has hashes => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Hash']],
default => sub { SBOM::CycloneDX::List->new }
);
has licenses => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::License']],
default => sub { SBOM::CycloneDX::List->new }
);
has copyright => (is => 'rw', isa => Str);
has patent_assertions => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::PatentAssertions']],
default => sub { SBOM::CycloneDX::List->new }
);
has cpe => (is => 'rw', isa => Str);
has purl => (is => 'rw', isa => InstanceOf ['URI::PackageURL'], coerce => sub { _purl_parse($_[0]) });
has omnibor_id => (is => 'rw', isa => ArrayLike [Str], default => sub { SBOM::CycloneDX::List->new });
has swhid => (is => 'rw', isa => ArrayLike [Str], default => sub { SBOM::CycloneDX::List->new });
has swid => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::Component::SWID']);
has modified => (is => 'rw', isa => Bool); # Deprecated in 1.4
has pedigree => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::Component::Pedigree']);
has external_references => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::ExternalReference']],
default => sub { SBOM::CycloneDX::List->new }
);
has components => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Component']],
default => sub { SBOM::CycloneDX::List->new }
);
has evidence => (is => 'rw', isa => Str); # TODO
has release_notes => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::ReleaseNotes']);
has model_card => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::Component::ModelCard']);
has data => (is => 'rw', isa => ArrayLike [Str], default => sub { SBOM::CycloneDX::List->new }); # TODO
has crypto_properties => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::CryptoProperties']);
has properties => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Property']],
default => sub { SBOM::CycloneDX::List->new }
);
has tags => (is => 'rw', isa => ArrayLike [Str], default => sub { SBOM::CycloneDX::List->new });
has signature => (is => 'rw', isa => HashRef); # TODO
sub _purl_parse {
my $purl = shift;
return $purl if (ref $purl eq 'URI::PackageURL');
return URI::PackageURL->from_string($purl);
lib/SBOM/CycloneDX/Component.pm view on Meta::CPAN
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Component - Component
=head1 SYNOPSIS
SBOM::CycloneDX::Component->new();
=head1 DESCRIPTION
L<SBOM::CycloneDX::Component>
=head2 METHODS
L<SBOM::CycloneDX::Component> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::Component->new( %PARAMS )
Properties:
=over
=item * C<author>, [Deprecated] This will be removed in a future version. Use
"authors" or "manufacturer" methods instead.
The person(s) or organization(s) that authored the component
=item * C<authors>, The person(s) who created the component.
Authors are common in components created through manual processes.
Components created through automated means may have "manufacturer" method
instead.
=item * C<bom_ref>, An identifier which can be used to reference the component
elsewhere in the BOM. Every bom-ref must be unique within the BOM.
Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts
with BOM-Links.
=item * C<components>, A list of software and hardware components included in
the parent component. This is not a dependency tree. It provides a way to
specify a hierarchical representation of component assemblies, similar to
system → subsystem → parts assembly in physical supply chains.
=item * C<copyright>, A copyright notice informing users of the underlying
claims to copyright ownership in a published work.
=item * C<cpe>, Asserts the identity of the component using CPE. The CPE must
lib/SBOM/CycloneDX/Component.pm view on Meta::CPAN
=item * C<data>, This object SHOULD be specified for any component of type
`data` and must not be specified for other component types.
=item * C<description>, Specifies a description for the component
=item * C<evidence>, Provides the ability to document evidence collected
through various forms of extraction or analysis.
=item * C<external_references>, External references provide a way to document
systems, sites, and information that may be relevant but are not included
with the BOM. They may also establish specific relationships within or
external to the BOM.
=item * C<group>, The grouping name or identifier. This will often be a
shortened, single name of the company or project that produced the
component, or the source package or domain name. Whitespace and special
characters should be avoided. Examples include: apache, org.apache.commons,
and apache.org.
=item * C<hashes>, The hashes of the component.
=item * C<is_external>, Determine whether this component is external.
An external component is one that is not part of an assembly, but is expected
to be provided by the environment, regardless of the component's C<scope>. This
setting can be useful for distinguishing which components are bundled with the
product and which can be relied upon to be present in the deployment
environment.
This may be set to C<true> for runtime components only.
For L<SBOM::CycloneDX::Metadata> C<component>, it must be set to C<false>.
=item * C<licenses>, Component License(s)
=item * C<manufacturer>, The organization that created the component.
Manufacturer is common in components created through automated processes.
Components created through manual means may have `@.authors` instead.
=item * C<mime_type>, The mime-type of the component. When used on file
components, the mime-type can provide additional context about the kind of file
being represented, such as an image, font, or executable. Some library or
lib/SBOM/CycloneDX/Component.pm view on Meta::CPAN
=item * C<purl>, Asserts the identity of the component using package-url
(purl). The purl, if specified, must be valid and conform to the
specification defined at L<https://github.com/package-url/purl-spec>).
Refer to "evidence->identity" method to optionally provide evidence
that substantiates the assertion of the component's identity.
=item * C<release_notes>, Specifies release notes.
=item * C<scope>, Specifies the scope of the component. If scope is not
specified, 'required' scope SHOULD be assumed by the consumer of the BOM.
=item * C<signature>, Enveloped signature in JSON Signature Format
(JSF) (L<https://cyberphone.github.io/doc/security/jsf.html>).
=item * C<supplier>, The organization that supplied the component. The
supplier may often be the manufacturer, but may also be a distributor or
repackager.
=item * C<swhid>, Asserts the identity of the component using the Software
Heritage persistent identifier (SWHID). The SWHID, if specified, must be
lib/SBOM/CycloneDX/Component.pm view on Meta::CPAN
=item $component->version_range
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Component/Commit.pm view on Meta::CPAN
package SBOM::CycloneDX::Component::Commit;
use 5.010001;
use strict;
use warnings;
use utf8;
use SBOM::CycloneDX::List;
use Types::Standard qw(Str InstanceOf);
use Moo;
use namespace::autoclean;
extends 'SBOM::CycloneDX::Base';
has uid => (is => 'rw', isa => Str);
has url => (is => 'rw', isa => Str);
has author => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::IdentifiableAction']);
has committer => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::IdentifiableAction']);
has message => (is => 'rw', isa => Str);
sub TO_JSON {
my $self = shift;
my $json = {};
$json->{uid} = $self->uid if $self->uid;
$json->{url} = $self->url if $self->url;
lib/SBOM/CycloneDX/Component/Commit.pm view on Meta::CPAN
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Component::Commit - Commit
=head1 SYNOPSIS
SBOM::CycloneDX::Component::Commit->new();
=head1 DESCRIPTION
L<SBOM::CycloneDX::Component::Commit> specifies an individual commit.
=head2 METHODS
L<SBOM::CycloneDX::Component::Commit> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::Component::Commit->new( %PARAMS )
Properties:
=over
=item * C<author>, The author who created the changes in the commit
=item * C<committer>, The person who committed or pushed the commit
=item * C<message>, The text description of the contents of the commit
lib/SBOM/CycloneDX/Component/Commit.pm view on Meta::CPAN
=item $commit->url
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Component/ConfidenceInterval.pm view on Meta::CPAN
package SBOM::CycloneDX::Component::ConfidenceInterval;
use 5.010001;
use strict;
use warnings;
use utf8;
use SBOM::CycloneDX::List;
use Types::Standard qw(Str InstanceOf);
use Types::TypeTiny qw(ArrayLike);
use Moo;
use namespace::autoclean;
extends 'SBOM::CycloneDX::Base';
has lower_bound => (is => 'rw', isa => Str);
has upper_bound => (is => 'rw', isa => Str);
sub TO_JSON {
my $self = shift;
my $json = {};
lib/SBOM/CycloneDX/Component/ConfidenceInterval.pm view on Meta::CPAN
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Component::ConfidenceInterval - Confidence Interval
=head1 SYNOPSIS
SBOM::CycloneDX::Component::ConfidenceInterval->new();
=head1 DESCRIPTION
L<SBOM::CycloneDX::Component::ConfidenceInterval> The confidence interval
of the metric.
=head2 METHODS
L<SBOM::CycloneDX::Component::ConfidenceInterval> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::Component::ConfidenceInterval->new( %PARAMS )
Properties:
=over
=item * C<lower_bound>, The lower bound of the confidence interval.
=item * C<upper_bound>, The upper bound of the confidence interval.
=back
lib/SBOM/CycloneDX/Component/ConfidenceInterval.pm view on Meta::CPAN
=item $confidence_interval->upper_bound
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Component/Diff.pm view on Meta::CPAN
package SBOM::CycloneDX::Component::Diff;
use 5.010001;
use strict;
use warnings;
use utf8;
use Types::Standard qw(Str);
use Moo;
use namespace::autoclean;
extends 'SBOM::CycloneDX::Base';
has text => (is => 'rw', isa => Str);
has url => (is => 'rw', isa => Str);
sub TO_JSON {
my $self = shift;
my $json = {};
lib/SBOM/CycloneDX/Component/Diff.pm view on Meta::CPAN
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Component::Diff - Diff
=head1 SYNOPSIS
SBOM::CycloneDX::Component::Diff->new();
=head1 DESCRIPTION
L<SBOM::CycloneDX::Component::Diff> provides the patch file (or diff) that shows
changes. Refer to L<https://en.wikipedia.org/wiki/Diff>
=head2 METHODS
L<SBOM::CycloneDX::Component::Diff> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::Component::Diff->new( %PARAMS )
Properties:
=over
=item * C<text>, Specifies the text of the diff
=item * C<url>, Specifies the URL to the diff
=back
lib/SBOM/CycloneDX/Component/Diff.pm view on Meta::CPAN
=item $diff->url
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Component/Graphic.pm view on Meta::CPAN
package SBOM::CycloneDX::Component::Graphic;
use 5.010001;
use strict;
use warnings;
use utf8;
use Types::Standard qw(Str InstanceOf);
use Moo;
use namespace::autoclean;
extends 'SBOM::CycloneDX::Base';
has name => (is => 'rw', isa => Str);
has image => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::Attachment']);
sub TO_JSON {
my $self = shift;
my $json = {};
$json->{name} = $self->name if $self->name;
$json->{image} = $self->image if $self->image;
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Component::Graphic - Graphic
=head1 SYNOPSIS
SBOM::CycloneDX::Component::Graphic->new();
=head1 DESCRIPTION
L<SBOM::CycloneDX::Component::Graphic> provides the graphic object.
=head2 METHODS
L<SBOM::CycloneDX::Component::Graphic> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::Component::Graphic->new( %PARAMS )
Properties:
=over
=item * C<image>, The graphic (vector or raster). Base64 encoding must be
specified for binary images.
=item * C<name>, The name of the graphic.
lib/SBOM/CycloneDX/Component/Graphic.pm view on Meta::CPAN
=item $graphic->name
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Component/GraphicsCollection.pm view on Meta::CPAN
package SBOM::CycloneDX::Component::GraphicsCollection;
use 5.010001;
use strict;
use warnings;
use utf8;
use SBOM::CycloneDX::List;
use Types::Standard qw(Str InstanceOf);
use Types::TypeTiny qw(ArrayLike);
use Moo;
use namespace::autoclean;
extends 'SBOM::CycloneDX::Base';
has description => (is => 'rw', isa => Str);
has collection => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Component::Graphic']],
default => sub { SBOM::CycloneDX::List->new }
);
sub TO_JSON {
my $self = shift;
my $json = {};
$json->{description} = $self->description if $self->description;
lib/SBOM/CycloneDX/Component/GraphicsCollection.pm view on Meta::CPAN
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Component::GraphicsCollection - Graphics Collection
=head1 SYNOPSIS
SBOM::CycloneDX::Component::GraphicsCollection->new();
=head1 DESCRIPTION
L<SBOM::CycloneDX::Component::GraphicsCollection> provides a collection of graphics
that represent various measurements.
=head2 METHODS
L<SBOM::CycloneDX::Component::GraphicsCollection> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::Component::GraphicsCollection->new( %PARAMS )
Properties:
=over
=item * C<collection>, A collection of graphics.
=item * C<description>, A description of this collection of graphics.
=back
lib/SBOM/CycloneDX/Component/GraphicsCollection.pm view on Meta::CPAN
=item $graphics_collection->description
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Component/ModelCard.pm view on Meta::CPAN
package SBOM::CycloneDX::Component::ModelCard;
use 5.010001;
use strict;
use warnings;
use utf8;
use SBOM::CycloneDX::BomRef;
use SBOM::CycloneDX::List;
use Types::Standard qw(Str InstanceOf);
use Types::TypeTiny qw(ArrayLike);
use Moo;
use namespace::autoclean;
extends 'SBOM::CycloneDX::Base';
has bom_ref => (
is => 'rw',
isa => InstanceOf ['SBOM::CycloneDX::BomRef'],
coerce => sub { ref($_[0]) ? $_[0] : SBOM::CycloneDX::BomRef->new($_[0]) }
);
has model_parameters => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::Component::ModelParameters']);
has quantitative_analysis => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::Component::QuantitativeAnalysis']);
has considerations => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::Component::Considerations']);
has properties => (is => 'rw', isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Property']]);
sub TO_JSON {
my $self = shift;
my $json = {};
$json->{bom} = $self->bom if $self->bom;
$json->{modelParameters} = $self->model_parameters if $self->model_parameters;
$json->{quantitativeAnalysis} = $self->quantitativeAnalysis if $self->quantitative_analysis;
lib/SBOM/CycloneDX/Component/ModelCard.pm view on Meta::CPAN
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Component::ModelCard - Model Card
=head1 SYNOPSIS
SBOM::CycloneDX::Component::ModelCard->new();
=head1 DESCRIPTION
L<SBOM::CycloneDX::Component::ModelCard> provides a model card describes the
intended uses of a machine learning model and potential limitations,
including biases and ethical considerations. Model cards typically contain
the training parameters, which datasets were used to train the model,
performance metrics, and other relevant data useful for ML transparency.
This object SHOULD be specified for any component of type
`machine-learning-model` and must not be specified for other component
types.
=head2 METHODS
L<SBOM::CycloneDX::Component::ModelCard> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::Component::ModelCard->new( %PARAMS )
Properties:
=over
=item * C<bom_ref>, An identifier which can be used to reference the
model card elsewhere in the BOM. Every bom-ref must be unique within the
BOM.
Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid
conflicts with BOM-Links.
=item * C<considerations>, What considerations should be taken into account
regarding the model's construction, training, and application?
=item * C<model_parameters>, Hyper-parameters for construction of the model.
=item * C<properties>, Provides the ability to document properties in a
name-value store. This provides flexibility to include data not officially
supported in the standard without having to use additional namespaces or
create extensions. Unlike key-value stores, properties support duplicate
lib/SBOM/CycloneDX/Component/ModelCard.pm view on Meta::CPAN
=item $model_card->quantitative_analysis
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Component/Patch.pm view on Meta::CPAN
package SBOM::CycloneDX::Component::Patch;
use 5.010001;
use strict;
use warnings;
use utf8;
use SBOM::CycloneDX::List;
use Types::Standard qw(Str InstanceOf Enum);
use Types::TypeTiny qw(ArrayLike);
use Moo;
use namespace::autoclean;
extends 'SBOM::CycloneDX::Base';
has type => (is => 'rw', isa => Enum [qw(unofficial monkey backport cherry-pick)]);
has diff => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::Component::Diff']);
has resolves => (is => 'rw', isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Issue']]);
sub TO_JSON {
my $self = shift;
my $json = {};
$json->{type} = $self->type if $self->type;
$json->{diff} = $self->diff if $self->diff;
$json->{resolves} = $self->resolves if @{$self->resolves};
lib/SBOM/CycloneDX/Component/Patch.pm view on Meta::CPAN
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Component::Patch - Patch
=head1 SYNOPSIS
SBOM::CycloneDX::Component::Patch->new();
=head1 DESCRIPTION
L<SBOM::CycloneDX::Component::Patch> specifies an individual patch
=head2 METHODS
L<SBOM::CycloneDX::Component::Patch> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::Component::Patch->new( %PARAMS )
Properties:
=over
=item * C<diff>, The patch file (or diff) that shows changes. Refer to
L<https://en.wikipedia.org/wiki/Diff>
=item * C<resolves>, A collection of issues the patch resolves
lib/SBOM/CycloneDX/Component/Patch.pm view on Meta::CPAN
=item $patch->type
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Component/Pedigree.pm view on Meta::CPAN
package SBOM::CycloneDX::Component::Pedigree;
use 5.010001;
use strict;
use warnings;
use utf8;
use SBOM::CycloneDX::List;
use Types::Standard qw(InstanceOf Str);
use Types::TypeTiny qw(ArrayLike);
use Moo;
use namespace::autoclean;
extends 'SBOM::CycloneDX::Base';
has ancestors => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Component']],
default => sub { SBOM::CycloneDX::List->new }
);
has descendants => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Component']],
default => sub { SBOM::CycloneDX::List->new }
);
has variants => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Component']],
default => sub { SBOM::CycloneDX::List->new }
);
has commits => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Component::Commit']],
default => sub { SBOM::CycloneDX::List->new }
);
has patches => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Component::Patch']],
default => sub { SBOM::CycloneDX::List->new }
);
has notes => (is => 'rw', isa => Str);
sub TO_JSON {
my $self = shift;
my $json = {};
lib/SBOM/CycloneDX/Component/Pedigree.pm view on Meta::CPAN
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Component::Pedigree - Component Pedigree
=head1 SYNOPSIS
SBOM::CycloneDX::Component::Pedigree->new();
=head1 DESCRIPTION
Component pedigree is a way to document complex supply chain scenarios where
components are created, distributed, modified, redistributed, combined with
other components, etc.
Pedigree supports viewing this complex chain from the beginning, the end,
or anywhere in the middle. It also provides a way to document variants
where the exact relation may not be known.
=head2 METHODS
L<SBOM::CycloneDX::Component::Pedigree> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::Component::Pedigree->new( %PARAMS )
Properties:
=over
=item * C<ancestors>, Describes zero or more components in which a component
is derived from. This is commonly used to describe forks from existing
projects where the forked version contains a ancestor node containing the
original component it was forked from. For example, Component A is the
original component. Component B is the component being used and documented
in the BOM. However, Component B contains a pedigree node with a single
ancestor documenting Component A - the original component from which
Component B is derived from.
=item * C<commits>, A list of zero or more commits which provide a trail
describing how the component deviates from an ancestor, descendant, or
variant.
=item * C<descendants>, Descendants are the exact opposite of ancestors. This
provides a way to document all forks (and their forks) of an original or
root component.
lib/SBOM/CycloneDX/Component/Pedigree.pm view on Meta::CPAN
=item $pedigree->variants
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Component/PerformanceMetric.pm view on Meta::CPAN
package SBOM::CycloneDX::Component::PerformanceMetric;
use 5.010001;
use strict;
use warnings;
use utf8;
use SBOM::CycloneDX::List;
use Types::Standard qw(Str InstanceOf);
use Types::TypeTiny qw(ArrayLike);
use Moo;
use namespace::autoclean;
extends 'SBOM::CycloneDX::Base';
has type => (is => 'rw', isa => Str);
has value => (is => 'rw', isa => Str);
has slice => (is => 'rw', isa => Str);
has confidence_interval => (is => 'rw', isa => Str);
sub TO_JSON {
my $self = shift;
lib/SBOM/CycloneDX/Component/PerformanceMetric.pm view on Meta::CPAN
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Component::PerformanceMetric - Performance Metric
=head1 SYNOPSIS
SBOM::CycloneDX::Component::PerformanceMetric->new();
=head1 DESCRIPTION
L<SBOM::CycloneDX::Component::PerformanceMetric> provides the model performance
metrics being reported. Examples may include accuracy, F1 score, precision,
top-3 error rates, MSC, etc.
=head2 METHODS
L<SBOM::CycloneDX::Component::PerformanceMetric> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::Component::PerformanceMetric->new( %PARAMS )
Properties:
=over
=item * C<confidence_interval>, The confidence interval of the metric.
=item * C<slice>, The name of the slice this metric was computed on. By
default, assume this metric is not sliced.
lib/SBOM/CycloneDX/Component/PerformanceMetric.pm view on Meta::CPAN
=item $performance_metric->value
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Component/QuantitativeAnalysis.pm view on Meta::CPAN
package SBOM::CycloneDX::Component::QuantitativeAnalysis;
use 5.010001;
use strict;
use warnings;
use utf8;
use SBOM::CycloneDX::List;
use Types::Standard qw(InstanceOf);
use Types::TypeTiny qw(ArrayLike);
use Moo;
use namespace::autoclean;
extends 'SBOM::CycloneDX::Base';
has performance_metrics => (
is => 'rw',
isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Component::PerformanceMetric']],
default => sub { SBOM::CycloneDX::List->new }
);
has graphics => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::Component::GraphicsCollection']);
sub TO_JSON {
my $self = shift;
my $json = {};
$json->{performanceMetrics} = $self->performance_metrics if @{$self->performance_metrics};
$json->{graphics} = $self->graphics if %{$self->graphics->TO_JSON};
lib/SBOM/CycloneDX/Component/QuantitativeAnalysis.pm view on Meta::CPAN
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Component::QuantitativeAnalysis - Quantitative Analysis
=head1 SYNOPSIS
SBOM::CycloneDX::Component::QuantitativeAnalysis->new();
=head1 DESCRIPTION
L<SBOM::CycloneDX::Component::QuantitativeAnalysis> provides a quantitative
analysis of the model.
=head2 METHODS
L<SBOM::CycloneDX::Component::QuantitativeAnalysis> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::Component::QuantitativeAnalysis->new( %PARAMS )
Properties:
=over
=item * C<performance_metrics>, The model performance metrics being reported.
Examples may include accuracy, F1 score, precision, top-3 error rates, MSC,
etc.
=item * C<graphics>, A collection of graphics that represent various measurements.
lib/SBOM/CycloneDX/Component/QuantitativeAnalysis.pm view on Meta::CPAN
=item $quantitative_analysis->graphics
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/Component/SWID.pm view on Meta::CPAN
package SBOM::CycloneDX::Component::SWID;
use 5.010001;
use strict;
use warnings;
use utf8;
use Types::Standard qw(Str);
use Moo;
use namespace::autoclean;
extends 'SBOM::CycloneDX::Base';
has tag_id => (is => 'rw', isa => Str, required => 1);
has name => (is => 'rw', isa => Str, required => 1);
has version => (is => 'rw', isa => Str);
has tag_version => (is => 'rw', isa => Str);
has patch => (is => 'rw', isa => Str);
has text => (is => 'rw', isa => Str);
has url => (is => 'rw', isa => Str);
sub TO_JSON {
lib/SBOM/CycloneDX/Component/SWID.pm view on Meta::CPAN
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::Component::SWID - SWID Tag
=head1 SYNOPSIS
SBOM::CycloneDX::Component::SWID->new();
=head1 DESCRIPTION
L<SBOM::CycloneDX::Component::SWID> specifies metadata and content for
ISO-IEC 19770-2 Software Identification (SWID) Tags.
=head2 METHODS
L<SBOM::CycloneDX::Component::SWID> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::Component::SWID->new( %PARAMS )
Properties:
=over
=item * C<name>, Maps to the name of a SoftwareIdentity.
=item * C<patch>, Maps to the patch of a SoftwareIdentity.
=item * C<tag_id>, Maps to the tagId of a SoftwareIdentity.
lib/SBOM/CycloneDX/Component/SWID.pm view on Meta::CPAN
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
lib/SBOM/CycloneDX/CryptoProperties.pm view on Meta::CPAN
package SBOM::CycloneDX::CryptoProperties;
use 5.010001;
use strict;
use warnings;
use utf8;
use SBOM::CycloneDX::CryptoProperties::AlgorithmProperties;
use SBOM::CycloneDX::CryptoProperties::CertificateProperties;
use SBOM::CycloneDX::CryptoProperties::RelatedCryptoMaterialProperties;
use SBOM::CycloneDX::CryptoProperties::ProtocolProperties;
use SBOM::CycloneDX::Enum;
use Types::Standard qw(Str Enum InstanceOf);
use Moo;
use namespace::autoclean;
extends 'SBOM::CycloneDX::Base';
has asset_type => (is => 'rw', isa => Enum [SBOM::CycloneDX::Enum->values('CRYPTO_ASSET_TYPE')], required => 1);
has algorithm_properties => (
is => 'rw',
isa => InstanceOf ['SBOM::CycloneDX::CryptoProperties::AlgorithmProperties'],
default => sub { SBOM::CycloneDX::CryptoProperties::AlgorithmProperties->new }
);
has certificate_properties => (
is => 'rw',
isa => InstanceOf ['SBOM::CycloneDX::CryptoProperties::CertificateProperties'],
default => sub { SBOM::CycloneDX::CryptoProperties::CertificateProperties->new }
);
has related_crypto_material_properties => (
is => 'rw',
isa => InstanceOf ['SBOM::CycloneDX::CryptoProperties::RelatedCryptoMaterialProperties'],
default => sub { SBOM::CycloneDX::CryptoProperties::RelatedCryptoMaterialProperties->new }
);
has protocol_properties => (
is => 'rw',
isa => InstanceOf ['SBOM::CycloneDX::CryptoProperties::ProtocolProperties'],
default => sub { SBOM::CycloneDX::CryptoProperties::ProtocolProperties->new }
);
has oid => (is => 'rw', isa => Str);
sub TO_JSON {
my $self = shift;
my $json = {};
lib/SBOM/CycloneDX/CryptoProperties.pm view on Meta::CPAN
return $json;
}
1;
=encoding utf-8
=head1 NAME
SBOM::CycloneDX::CryptoProperties - Cryptographic Properties
=head1 SYNOPSIS
SBOM::CycloneDX::CryptoProperties->new();
=head1 DESCRIPTION
L<SBOM::CycloneDX::CryptoProperties> Cryptographic assets have properties
that uniquely define them and that make them actionable for further
reasoning. As an example, it makes a difference if one knows the algorithm
family (e.g. AES) or the specific variant or instantiation (e.g.
AES-128-GCM). This is because the security level and the algorithm
primitive (authenticated encryption) are only defined by the definition of
the algorithm variant. The presence of a weak cryptographic algorithm like
SHA1 vs. HMAC-SHA1 also makes a difference.
=head2 METHODS
L<SBOM::CycloneDX::CryptoProperties> inherits all methods from L<SBOM::CycloneDX::Base>
and implements the following new ones.
=over
=item SBOM::CycloneDX::CryptoProperties->new( %PARAMS )
Properties:
=over
=item * C<algorithm_properties>, Additional properties specific to a
cryptographic algorithm.
=item * C<asset_type>, Cryptographic assets occur in several forms.
Algorithms and protocols are most commonly implemented in specialized
lib/SBOM/CycloneDX/CryptoProperties.pm view on Meta::CPAN
=item $crypto_properties->related_crypto_material_properties
=back
=head1 SUPPORT
=head2 Bugs / Feature Requests
Please report any bugs or feature requests through the issue tracker
at L<https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues>.
You will be notified automatically of any progress on your issue.
=head2 Source Code
This is open source software. The code repository is available for
public review and contribution under the terms of the license.
L<https://github.com/giterlizzi/perl-SBOM-CycloneDX>
git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
=head1 AUTHOR
=over 4
=item * Giuseppe Di Terlizzi <gdt@cpan.org>
=back
( run in 2.000 seconds using v1.01-cache-2.11-cpan-39bf76dae61 )