
Standard BOM Format Library

Project description

Standard BOM for Python


A Python library for creating and consuming documents in standard-bom format.

"Standard BOM" is our Siemens-internal SBOM format based on the Siemens CycloneDX Property Taxonomy, which is 100% compatible with CycloneDX.

Every Standard BOM document is a 100% CycloneDX document, so this library supports both the CycloneDX and the Standard BOM format for reading and writing SBOMs.

Installation

To install the library, run the following command ...

... for pip:

pip install siemens-standard-bom

... for Poetry:

poetry add siemens-standard-bom

The library provides Standard BOM parser and serializer classes. The parser class is used to read a Standard BOM from a file, and the serializer class is used to write a Standard BOM to a file.

💡 Hint: This library provides strict type checking using mypy. Using mypy with strict type checks in your own codebase is recommended to ensure type safety.

Read a Standard BOM from a JSON file

from siemens_standard_bom.parser import StandardBomParser

bom = StandardBomParser.parse("sbom.cdx.json")

Write a Standard BOM to a JSON file

from siemens_standard_bom.parser import StandardBomParser

bom = ...
StandardBomParser.save(bom, "sbom.cdx.json")

If you'd like to skip the .dependencies field in the output file, you can use the following code:

from siemens_standard_bom.parser import StandardBomParser

bom = ...
StandardBomParser.save(bom, "sbom.cdx.json", with_dependencies=False)

This will save the Standard BOM to the file without the .dependencies field, which is prohibited in the external profile.
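As an added example (written for this page, not part of the library or its README), a stdlib-only pre-flight check for a serialized CycloneDX/Standard BOM JSON file before it is handed over under the external profile: it reports a present .dependencies field plus a few structural problems, and strips the field the way with_dependencies=False would. The function names and the sample document are constructed here; only the top-level CycloneDX JSON layout (bomFormat, specVersion, components with type/name) is assumed.

```python
import json
from typing import Any

# Constructed sample: roughly what a serializer emits with dependencies included.
SAMPLE_SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "metadata": {"authors": [{"name": "John Doe"}]},
  "components": [
    {"type": "library", "name": "Sample Component", "version": "1.2.3",
     "bom-ref": "comp-1", "licenses": [{"expression": "MIT"}]}
  ],
  "dependencies": [{"ref": "comp-1", "dependsOn": []}]
}"""


def external_profile_findings(doc: dict[str, Any]) -> list[str]:
    """Return the problems that make `doc` unsuitable for external release.

    The profile rule checked is the one stated on this page (no .dependencies
    in the external profile); the rest is basic CycloneDX JSON structure."""
    findings: list[str] = []
    if doc.get("bomFormat") != "CycloneDX":
        findings.append("bomFormat must be 'CycloneDX'")
    if not isinstance(doc.get("specVersion"), str):
        findings.append("specVersion missing")
    if "dependencies" in doc:
        findings.append(".dependencies is present (prohibited in external profile)")
    for i, comp in enumerate(doc.get("components", [])):
        for key in ("type", "name"):  # required on every CycloneDX component
            if key not in comp:
                findings.append(f"components[{i}] lacks required '{key}'")
    return findings


def strip_dependencies(doc: dict[str, Any]) -> dict[str, Any]:
    """Copy of `doc` without the top-level .dependencies field (cf. with_dependencies=False)."""
    return {k: v for k, v in doc.items() if k != "dependencies"}


def check_sbom_text(text: str) -> tuple[list[str], list[str]]:
    """Parse JSON text; return (findings as-is, findings after stripping dependencies)."""
    doc = json.loads(text)
    return external_profile_findings(doc), external_profile_findings(strip_dependencies(doc))


if __name__ == "__main__":
    before, after = check_sbom_text(SAMPLE_SBOM_JSON)
    print("as serialized:", before)
    print("after stripping .dependencies:", after)
```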

Create a Standard BOM document programmatically

The StandardBom class is a subclass of the cyclonedx.bom.Bom class from the upstream library cyclonedx-python-lib, because this library is a wrapper around the upstream library's model objects.

from siemens_standard_bom.model import StandardBom, Component, ComponentType
from cyclonedx.model.contact import OrganizationalContact

bom = StandardBom()
bom.add_author(OrganizationalContact(name='John Doe'))
bom.add_tool(Component(name='Sample Tool', version='1.0.0', type=ComponentType.APPLICATION))
bom.add_component(Component(name='Sample Component', version='1.2.3', type=ComponentType.LIBRARY))

You can also use the Standard BOM wrapper classes to create and edit the Standard BOM document. For example, you can do the following, which is similar to the example above:

from siemens_standard_bom.model import StandardBom, Component, ComponentType, SbomComponent
from cyclonedx.model.contact import OrganizationalContact

bom = StandardBom()
bom.add_author(OrganizationalContact(name='John Doe'))
bom.add_tool(SbomComponent(Component(name='Sample Tool', version='1.0.0', type=ComponentType.APPLICATION)))
bom.add_component(SbomComponent(Component(name='Sample Component', version='1.2.3', type=ComponentType.LIBRARY)))

Retrieve fields from the Standard BOM object

When you retrieve certain fields from the StandardBom object, you get the wrapped Standard BOM types for these fields. For example, the tools and components getters return an iterable of SbomComponent objects:

from typing import Iterable
from siemens_standard_bom.model import SbomComponent

bom = ...
components: Iterable[SbomComponent] = bom.components
tools: Iterable[SbomComponent] = bom.tools

Setting licenses to a component

You can set licenses on a component by using the licenses setter of the SbomComponent class. The SbomComponent.licenses setter accepts an iterable of type License, where each element can be a LicenseExpression or a DisjunctiveLicense:

from cyclonedx.model.license import LicenseExpression
from siemens_standard_bom.model import SbomComponent

component = SbomComponent(...)
# A single SPDX license expression; DisjunctiveLicense objects are accepted as well.
licenses = [LicenseExpression(value="MIT")]
component.licenses = licenses

Development

In order to build this library on your local PC and/or contribute to it, mind the following prerequisites:


Once you have those prerequisites, you can perform the following development tasks locally:

  • Run the build by executing

    poetry install

    then

    poetry build

    This will generate the build artifacts under the dist/ folder.

  • Run all unit tests with all test cases and static code analysis

    poetry run tox run

    This will run all the tests for all supported Python versions as well as static linting and type checking.

License

This project is Inner Source under the MIT license (SPDX-License-Identifier: MIT).

Copyright (c) Siemens AG 2019-2025 ALL RIGHTS RESERVED

Download files

Source Distribution: siemens_standard_bom-4.1.0.tar.gz (11.1 kB)

Built Distribution: siemens_standard_bom-4.1.0-py3-none-any.whl (11.0 kB, Python 3)

File details for siemens_standard_bom-4.1.0.tar.gz

  • Size: 11.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

Provenance

The following attestation bundles were made for siemens_standard_bom-4.1.0.tar.gz:

Publisher: release.yml on siemens/standard-bom-python

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details for siemens_standard_bom-4.1.0-py3-none-any.whl

Provenance

The following attestation bundles were made for siemens_standard_bom-4.1.0-py3-none-any.whl:

Publisher: release.yml on siemens/standard-bom-python

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
