cdx-proto
    Preparing search index...

    Type Alias Component

    Component: Message<"cyclonedx.v1_5.Component"> & {
        author?: string;
        bomRef?: string;
        components: cdx_15.Component[];
        copyright?: string;
        cpe?: string;
        data?: cdx_15.ComponentData;
        description?: string;
        evidence?: cdx_15.Evidence;
        externalReferences: cdx_15.ExternalReference[];
        group?: string;
        hashes: cdx_15.Hash[];
        licenses: cdx_15.LicenseChoice[];
        mimeType?: string;
        modelCard?: cdx_15.ModelCard;
        modified?: boolean;
        name: string;
        pedigree?: cdx_15.Pedigree;
        properties: cdx_15.Property[];
        publisher?: string;
        purl?: string;
        releaseNotes?: cdx_15.ReleaseNotes;
        scope?: cdx_15.Scope;
        supplier?: cdx_15.OrganizationalEntity;
        swid?: cdx_15.Swid;
        type: cdx_15.Classification;
        version: string;
    }

    Type declaration

    • Optionalauthor?: string

      The person(s) or organization(s) that authored the component

      from field: optional string author = 5;

    • OptionalbomRef?: string

      An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.

      from field: optional string bom_ref = 3;

    • components: cdx_15.Component[]

      Specifies optional sub-components. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system -> subsystem -> parts assembly in physical supply chains.

      from field: repeated cyclonedx.v1_5.Component components = 21;

    • Optionalcopyright?: string

      An optional copyright notice informing users of the underlying claims to copyright ownership in a published work.

      from field: optional string copyright = 14;

    • Optionalcpe?: string

      DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe

      from field: optional string cpe = 15;

    • Optionaldata?: cdx_15.ComponentData

      This object SHOULD be specified for any component of type data and MUST NOT be specified for other component types.

      from field: optional cyclonedx.v1_5.ComponentData data = 26;

    • Optionaldescription?: string

      Specifies a description for the component

      from field: optional string description = 10;

    • Optionalevidence?: cdx_15.Evidence

      Specifies optional license and copyright evidence

      from field: optional cyclonedx.v1_5.Evidence evidence = 23;

    • externalReferences: cdx_15.ExternalReference[]

      Provides the ability to document external references related to the component or to the project the component describes.

      from field: repeated cyclonedx.v1_5.ExternalReference external_references = 20;

    • Optionalgroup?: string

      The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.

      from field: optional string group = 7;

    • hashes: cdx_15.Hash[]

      from field: repeated cyclonedx.v1_5.Hash hashes = 12;

    • licenses: cdx_15.LicenseChoice[]

      from field: repeated cyclonedx.v1_5.LicenseChoice licenses = 13;

    • OptionalmimeType?: string

      The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type.

      from field: optional string mime_type = 2;

    • OptionalmodelCard?: cdx_15.ModelCard

      A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency.

      from field: optional cyclonedx.v1_5.ModelCard modelCard = 25;

    • Optionalmodified?: boolean

      DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating is the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original.

      from field: optional bool modified = 18;

    • name: string

      The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery

      from field: string name = 8;

    • Optionalpedigree?: cdx_15.Pedigree

      Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc.

      from field: optional cyclonedx.v1_5.Pedigree pedigree = 19;

    • properties: cdx_15.Property[]

      Specifies optional, custom, properties

      from field: repeated cyclonedx.v1_5.Property properties = 22;

    • Optionalpublisher?: string

      The person(s) or organization(s) that published the component

      from field: optional string publisher = 6;

    • Optionalpurl?: string

      Specifies the package-url (PURL). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec

      from field: optional string purl = 16;

    • OptionalreleaseNotes?: cdx_15.ReleaseNotes

      Specifies optional release notes.

      from field: optional cyclonedx.v1_5.ReleaseNotes releaseNotes = 24;

    • Optionalscope?: cdx_15.Scope

      Specifies the scope of the component. If scope is not specified, SCOPE_REQUIRED scope should be assumed by the consumer of the BOM

      from field: optional cyclonedx.v1_5.Scope scope = 11;

    • Optionalsupplier?: cdx_15.OrganizationalEntity

      The organization that supplied the component. The supplier may often be the manufacture, but may also be a distributor or repackager.

      from field: optional cyclonedx.v1_5.OrganizationalEntity supplier = 4;

    • Optionalswid?: cdx_15.Swid

      Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.

      from field: optional cyclonedx.v1_5.Swid swid = 17;

    • type: cdx_15.Classification

      Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component.

      from field: cyclonedx.v1_5.Classification type = 1;

    • version: string

      The component version. The version should ideally comply with semantic versioning but is not enforced. Version was made optional in v1.4 of the spec. For backward compatibility, it is RECOMMENDED to use an empty string to represent components without version information.

      from field: string version = 9;

    from message cyclonedx.v1_5.Component

    Settings

    Member Visibility