cdx-proto
    Preparing search index...

    Type Alias Component

    Component: Message<"cyclonedx.v1_6.Component"> & {
        author?: string;
        authors: OrganizationalContact[];
        bomRef?: string;
        components: Component[];
        copyright?: string;
        cpe?: string;
        cryptoProperties?: CryptoProperties;
        data?: ComponentData;
        description?: string;
        evidence?: Evidence;
        externalReferences: ExternalReference[];
        group?: string;
        hashes: Hash[];
        licenses: LicenseChoice[];
        manufacturer?: OrganizationalEntity;
        mimeType?: string;
        modelCard?: ModelCard;
        modified?: boolean;
        name: string;
        omniborId: string[];
        pedigree?: Pedigree;
        properties: Property[];
        publisher?: string;
        purl?: string;
        releaseNotes?: ReleaseNotes;
        scope?: Scope;
        supplier?: OrganizationalEntity;
        swhid: string[];
        swid?: Swid;
        tags: string[];
        type: Classification;
        version: string;
    }

    Type declaration

    • Optionalauthor?: string

      DEPRECATED - DO NOT USE - This will be removed in a future version - Use .authors or .manufacturer instead. The person(s) or organization(s) that authored the component

      from field: optional string author = 5 [deprecated = true];

    • authors: OrganizationalContact[]

      The person(s) who created the component. Authors are common in components created through manual processes. Components created through automated means may have .manufacturer instead.

      from field: repeated cyclonedx.v1_6.OrganizationalContact authors = 29;

    • OptionalbomRef?: string

      An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.

      from field: optional string bom_ref = 3;

    • components: Component[]

      Specifies optional sub-components. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system -> subsystem -> parts assembly in physical supply chains.

      from field: repeated cyclonedx.v1_6.Component components = 21;

    • Optionalcopyright?: string

      An optional copyright notice informing users of the underlying claims to copyright ownership in a published work.

      from field: optional string copyright = 14;

    • Optionalcpe?: string

      DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe

      from field: optional string cpe = 15;

    • OptionalcryptoProperties?: CryptoProperties

      Cryptographic assets have properties that uniquely define them and that make them actionable for further reasoning. As an example, it makes a difference if one knows the algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the algorithm primitive (authenticated encryption) is only defined by the definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference.

      from field: optional cyclonedx.v1_6.CryptoProperties cryptoProperties = 27;

    • Optionaldata?: ComponentData

      This object SHOULD be specified for any component of type data and MUST NOT be specified for other component types.

      from field: optional cyclonedx.v1_6.ComponentData data = 26;

    • Optionaldescription?: string

      Specifies a description for the component

      from field: optional string description = 10;

    • Optionalevidence?: Evidence

      Specifies optional license and copyright evidence

      from field: optional cyclonedx.v1_6.Evidence evidence = 23;

    • externalReferences: ExternalReference[]

      Provides the ability to document external references related to the component or to the project the component describes.

      from field: repeated cyclonedx.v1_6.ExternalReference external_references = 20;

    • Optionalgroup?: string

      The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.

      from field: optional string group = 7;

    • hashes: Hash[]

      from field: repeated cyclonedx.v1_6.Hash hashes = 12;

    • licenses: LicenseChoice[]

      from field: repeated cyclonedx.v1_6.LicenseChoice licenses = 13;

    • Optionalmanufacturer?: OrganizationalEntity

      The organization that created the component. Manufacturer is common in components created through automated processes. Components created through manual means may have .authors instead.

      from field: optional cyclonedx.v1_6.OrganizationalEntity manufacturer = 28;

    • OptionalmimeType?: string

      The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented, such as an image, font, or executable. Some library or framework components may also have an associated mime-type.

      from field: optional string mime_type = 2;

    • OptionalmodelCard?: ModelCard

      A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency.

      from field: optional cyclonedx.v1_6.ModelCard modelCard = 25;

    • Optionalmodified?: boolean

      DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating is the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original.

      from field: optional bool modified = 18;

    • name: string

      The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery

      from field: string name = 8;

    • omniborId: string[]

      Specifies the OmniBOR Artifact ID. The OmniBOR, if specified, MUST be valid and conform to the specification defined at: https://www.iana.org/assignments/uri-schemes/prov/gitoid

      from field: repeated string omniborId = 31;

    • Optionalpedigree?: Pedigree

      Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc.

      from field: optional cyclonedx.v1_6.Pedigree pedigree = 19;

    • properties: Property[]

      Specifies optional, custom, properties

      from field: repeated cyclonedx.v1_6.Property properties = 22;

    • Optionalpublisher?: string

      The person(s) or organization(s) that published the component

      from field: optional string publisher = 6;

    • Optionalpurl?: string

      Specifies the package-url (PURL). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec

      from field: optional string purl = 16;

    • OptionalreleaseNotes?: ReleaseNotes

      Specifies optional release notes.

      from field: optional cyclonedx.v1_6.ReleaseNotes releaseNotes = 24;

    • Optionalscope?: Scope

      Specifies the scope of the component. If a scope is not specified, SCOPE_REQUIRED scope should be assumed by the consumer of the BOM

      from field: optional cyclonedx.v1_6.Scope scope = 11;

    • Optionalsupplier?: OrganizationalEntity

      The organization that supplied the component. The supplier may often be the manufacturer but may also be a distributor or repackager.

      from field: optional cyclonedx.v1_6.OrganizationalEntity supplier = 4;

    • swhid: string[]

      Specifies the Software Heritage persistent identifier (SWHID). The SWHID, if specified, MUST be valid and conform to the specification defined at: https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html

      from field: repeated string swhid = 32;

    • Optionalswid?: Swid

      Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.

      from field: optional cyclonedx.v1_6.Swid swid = 17;

    • tags: string[]

      Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Examples include "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection".

      from field: repeated string tags = 30;

    • type: Classification

      Specifies the type of component. For software components, classify as an application if no more specific appropriate classification is available or cannot be determined for the component.

      from field: cyclonedx.v1_6.Classification type = 1;

    • version: string

      The component version. The version should ideally comply with semantic versioning but is not enforced. Version was made optional in v1.4 of the spec. For backward compatibility, it is RECOMMENDED to use an empty string to represent components without version information.

      from field: string version = 9;

    from message cyclonedx.v1_6.Component

    Settings

    Member Visibility