Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Populate bom.metadata.component #391

Closed
SaberStrat opened this issue Jul 20, 2022 · 13 comments · Fixed by #610
Closed

feat: Populate bom.metadata.component #391

SaberStrat opened this issue Jul 20, 2022 · 13 comments · Fixed by #610
Assignees
Labels
enhancement New feature or request
Milestone

Comments

@SaberStrat
Copy link

As of 3.5.0, the SBOM resulting from running e.g. cyclonedx-bom --format json --output bom.json -e does not come with a metadata.component object.

Sure, one is able to modify the SBOM by hand.
But to align the Python SBOM creator tool more with CycloneDX's own plugins for other languages/build tools - like Gradle or NPM -, it'd be neat if it came with the optional setting, along with a default value, for the project's/parent component's type.

@jkowalleck
Copy link
Member

jkowalleck commented Jul 20, 2022

tried to reproduce the described behaviour via

# clone this repo

# setup the project
poetry install 

# generate the sbom of self
poetry run cyclonedx-bom --poetry --format json --output -
output: (beautified for readability on debugging)
{
	"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
	"bomFormat": "CycloneDX",
	"specVersion": "1.4",
	"serialNumber": "urn:uuid:4fd5a63a-311f-4490-9d97-3dd8faae8c5b",
	"version": 1,
	"metadata": {
		"timestamp": "2022-07-20T18:33:52.605138+00:00",
		"tools": [
			{
				"vendor": "CycloneDX",
				"name": "cyclonedx-bom",
				"version": "3.5.0"
			},
			{
				"vendor": "CycloneDX",
				"name": "cyclonedx-python-lib",
				"version": "2.5.2",
				"externalReferences": [
					{
						"url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions",
						"type": "build-system"
					},
					{
						"url": "https://pypi.org/project/cyclonedx-python-lib/",
						"type": "distribution"
					},
					{
						"url": "https://cyclonedx.github.io/cyclonedx-python-lib/",
						"type": "documentation"
					},
					{
						"url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues",
						"type": "issue-tracker"
					},
					{
						"url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE",
						"type": "license"
					},
					{
						"url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md",
						"type": "release-notes"
					},
					{
						"url": "https://github.com/CycloneDX/cyclonedx-python-lib",
						"type": "vcs"
					},
					{
						"url": "https://cyclonedx.org",
						"type": "website"
					}
				]
			}
		]
	},
	"components": [
		{
			"type": "library",
			"bom-ref": "221e9ebf-637f-42ea-92f9-4d377b718b04",
			"name": "attrs",
			"version": "21.4.0",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/attrs/21.4.0",
					"comment": "Distribution file: attrs-21.4.0-py2.py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "2d27e3784d7a565d36ab851fe94887c5eccd6a463168875832a1be79c82828b4"
						}
					]
				},
				{
					"url": "https://pypi.org/project/attrs/21.4.0",
					"comment": "Distribution file: attrs-21.4.0.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "626ba8234211db98e869df76230a137c4c40a12d72445c45d5f5b716f076e2fd"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "9355a3bb-2789-4b11-95f2-e60d3756062d",
			"name": "autopep8",
			"version": "1.6.0",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/autopep8/1.6.0",
					"comment": "Distribution file: autopep8-1.6.0-py2.py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "ed77137193bbac52d029a52c59bec1b0629b5a186c495f1eb21b126ac466083f"
						}
					]
				},
				{
					"url": "https://pypi.org/project/autopep8/1.6.0",
					"comment": "Distribution file: autopep8-1.6.0.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "44f0932855039d2c15c4510d6df665e4730f2b8582704fa48f9c55bd3e17d979"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "1d127a2c-e89d-4d9a-b2fc-0eff17325f4f",
			"name": "colorama",
			"version": "0.4.4",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/colorama/0.4.4",
					"comment": "Distribution file: colorama-0.4.4-py2.py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2"
						}
					]
				},
				{
					"url": "https://pypi.org/project/colorama/0.4.4",
					"comment": "Distribution file: colorama-0.4.4.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "85b55ad5-5988-4cbd-af48-9b5dff125742",
			"name": "coverage",
			"version": "6.2",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp310-cp310-macosx_10_9_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "6dbc1536e105adda7a6312c778f15aaabe583b0e9a0b0a324990334fd458c94b"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "174cf9b4bef0db2e8244f82059a5a72bd47e1d40e71c68ab055425172b16b7d0"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "92b8c845527eae547a2a6617d336adc56394050c3ed8a6918683646328fbb6da"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "c7912d1526299cb04c88288e148c6c87c0df600eca76efd99d84396cfe00ef1d"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp310-cp310-musllinux_1_1_aarch64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "d5d2033d5db1d58ae2d62f095e1aefb6988af65b4b12cb8987af409587cc0739"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp310-cp310-musllinux_1_1_i686.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "3feac4084291642165c3a0d9eaebedf19ffa505016c4d3db15bfe235718d4971"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp310-cp310-musllinux_1_1_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "276651978c94a8c5672ea60a2656e95a3cce2a3f31e9fb2d5ebd4c215d095840"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp310-cp310-win32.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "f506af4f27def639ba45789fa6fde45f9a217da0be05f8910458e4557eed020c"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp310-cp310-win_amd64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "3f7c17209eef285c86f819ff04a6d4cbee9b33ef05cbcaae4c0b4e8e06b3ec8f"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp311-cp311-macosx_10_14_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "13362889b2d46e8d9f97c421539c97c963e34031ab0cb89e8ca83a10cc71ac76"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "22e60a3ca5acba37d1d4a2ee66e051f5b0e1b9ac950b5b0cf4aa5366eda41d47"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp311-cp311-win_amd64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "b637c57fdb8be84e91fac60d9325a66a5981f8086c954ea2772efe28425eaf64"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp36-cp36m-macosx_10_9_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "f467bbb837691ab5a8ca359199d3429a11a01e6dfb3d9dcc676dc035ca93c0a9"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "2641f803ee9f95b1f387f3e8f3bf28d83d9b69a39e9911e5bfee832bea75240d"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "1219d760ccfafc03c0822ae2e06e3b1248a8e6d1a70928966bafc6838d3c9e48"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "9a2b5b52be0a8626fcbffd7e689781bf8c2ac01613e77feda93d96184949a98e"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp36-cp36m-musllinux_1_1_aarch64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "8e2c35a4c1f269704e90888e56f794e2d9c0262fb0c1b1c8c4ee44d9b9e77b5d"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp36-cp36m-musllinux_1_1_i686.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "5d6b09c972ce9200264c35a1d53d43ca55ef61836d9ec60f0d44273a31aa9f17"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp36-cp36m-musllinux_1_1_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "e3db840a4dee542e37e09f30859f1612da90e1c5239a6a2498c473183a50e781"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp36-cp36m-win32.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "4e547122ca2d244f7c090fe3f4b5a5861255ff66b7ab6d98f44a0222aaf8671a"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp36-cp36m-win_amd64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "01774a2c2c729619760320270e42cd9e797427ecfddd32c2a7b639cdc481f3c0"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp37-cp37m-macosx_10_9_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "fb8b8ee99b3fffe4fd86f4c81b35a6bf7e4462cba019997af2fe679365db0c49"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "619346d57c7126ae49ac95b11b0dc8e36c1dd49d148477461bb66c8cf13bb521"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "0a7726f74ff63f41e95ed3a89fef002916c828bb5fcae83b505b49d81a066884"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "cfd9386c1d6f13b37e05a91a8583e802f8059bebfccde61a418c5808dea6bbfa"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp37-cp37m-musllinux_1_1_aarch64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "17e6c11038d4ed6e8af1407d9e89a2904d573be29d51515f14262d7f10ef0a64"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp37-cp37m-musllinux_1_1_i686.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "c254b03032d5a06de049ce8bca8338a5185f07fb76600afff3c161e053d88617"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp37-cp37m-musllinux_1_1_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "dca38a21e4423f3edb821292e97cec7ad38086f84313462098568baedf4331f8"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp37-cp37m-win32.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "600617008aa82032ddeace2535626d1bc212dfff32b43989539deda63b3f36e4"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp37-cp37m-win_amd64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "bf154ba7ee2fd613eb541c2bc03d3d9ac667080a737449d1a3fb342740eb1a74"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp38-cp38-macosx_10_9_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "f9afb5b746781fc2abce26193d1c817b7eb0e11459510fba65d2bd77fe161d9e"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "edcada2e24ed68f019175c2b2af2a8b481d3d084798b8c20d15d34f5c733fa58"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "a9c8c4283e17690ff1a7427123ffb428ad6a52ed720d550e299e8291e33184dc"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "f614fc9956d76d8a88a88bb41ddc12709caa755666f580af3a688899721efecd"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp38-cp38-musllinux_1_1_aarch64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "9365ed5cce5d0cf2c10afc6add145c5037d3148585b8ae0e77cc1efdd6aa2953"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp38-cp38-musllinux_1_1_i686.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "8bdfe9ff3a4ea37d17f172ac0dff1e1c383aec17a636b9b35906babc9f0f5475"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp38-cp38-musllinux_1_1_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "63c424e6f5b4ab1cf1e23a43b12f542b0ec2e54f99ec9f11b75382152981df57"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp38-cp38-win32.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "49dbff64961bc9bdd2289a2bda6a3a5a331964ba5497f694e2cbd540d656dc1c"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp38-cp38-win_amd64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "9a29311bd6429be317c1f3fe4bc06c4c5ee45e2fa61b2a19d4d1d6111cb94af2"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp39-cp39-macosx_10_9_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "03b20e52b7d31be571c9c06b74746746d4eb82fc260e594dc662ed48145e9efd"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "215f8afcc02a24c2d9a10d3790b21054b58d71f4b3c6f055d4bb1b15cecce685"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "a4bdeb0a52d1d04123b41d90a4390b096f3ef38eee35e11f0b22c2d031222c6c"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "c332d8f8d448ded473b97fefe4a0983265af21917d8b0cdcb8bb06b2afe632c3"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp39-cp39-win32.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "6e1394d24d5938e561fbeaa0cd3d356207579c28bd1792f25a068743f2d5b282"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-cp39-cp39-win_amd64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "86f2e78b1eff847609b1ca8050c9e1fa3bd44ce755b2ec30e70f2d3ba3844644"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2-pp36.pp37.pp38-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "5829192582c0ec8ca4a2532407bc14c2f338d9878a10442f5d03804a95fac9de"
						}
					]
				},
				{
					"url": "https://pypi.org/project/coverage/6.2",
					"comment": "Distribution file: coverage-6.2.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "e2cad8093172b7d1595b4ad66f24270808658e11acf43a8f95b41276162eb5b8"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "71fd7a0e-4121-47d7-88f8-cb3b692167be",
			"name": "cyclonedx-python-lib",
			"version": "2.5.2",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/cyclonedx-python-lib/2.5.2",
					"comment": "Distribution file: cyclonedx-python-lib-2.5.2.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "875c0dac4c8be1da58cef399eb09ceba8668a153d2bfed67b7af8bdbca5bad61"
						}
					]
				},
				{
					"url": "https://pypi.org/project/cyclonedx-python-lib/2.5.2",
					"comment": "Distribution file: cyclonedx_python_lib-2.5.2-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "7a3aebcc1603e2cb0bc13ebf4274d2bd28ee46d199a7c2c05bd9d823ea7143e4"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "368e142c-aacc-411b-b2de-61611cc0c07c",
			"name": "distlib",
			"version": "0.3.4",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/distlib/0.3.4",
					"comment": "Distribution file: distlib-0.3.4-py2.py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "6564fe0a8f51e734df6333d08b8b94d4ea8ee6b99b5ed50613f731fd4089f34b"
						}
					]
				},
				{
					"url": "https://pypi.org/project/distlib/0.3.4",
					"comment": "Distribution file: distlib-0.3.4.zip",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "e4b58818180336dc9c529bfb9a0b58728ffc09ad92027a3f30b7cd91e3458579"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "b7821c28-1a71-4acc-8723-fbc9884ca353",
			"name": "filelock",
			"version": "3.4.1",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/filelock/3.4.1",
					"comment": "Distribution file: filelock-3.4.1-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "a4bc51381e01502a30e9f06dd4fa19a1712eab852b6fb0f84fd7cce0793d8ca3"
						}
					]
				},
				{
					"url": "https://pypi.org/project/filelock/3.4.1",
					"comment": "Distribution file: filelock-3.4.1.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "0f12f552b42b5bf60dba233710bf71337d35494fc8bdd4fd6d9f6d082ad45e06"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "fa4bfc98-fd00-4cb7-a820-4b0d0e46eabf",
			"name": "flake8",
			"version": "4.0.1",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/flake8/4.0.1",
					"comment": "Distribution file: flake8-4.0.1-py2.py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "479b1304f72536a55948cb40a32dce8bb0ffe3501e26eaf292c7e60eb5e0428d"
						}
					]
				},
				{
					"url": "https://pypi.org/project/flake8/4.0.1",
					"comment": "Distribution file: flake8-4.0.1.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "806e034dda44114815e23c16ef92f95c91e4c71100ff52813adf7132a6ad870d"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "82f5d4c0-0cd3-4e68-89af-1eb9f375918f",
			"name": "flake8-annotations",
			"version": "2.7.0",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/flake8-annotations/2.7.0",
					"comment": "Distribution file: flake8-annotations-2.7.0.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "52e53c05b0c06cac1c2dec192ea2c36e85081238add3bd99421d56f574b9479b"
						}
					]
				},
				{
					"url": "https://pypi.org/project/flake8-annotations/2.7.0",
					"comment": "Distribution file: flake8_annotations-2.7.0-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "3edfbbfb58e404868834fe6ec3eaf49c139f64f0701259f707d043185545151e"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "66e202c0-21cb-46e2-b3d8-06f57db16904",
			"name": "flake8-bugbear",
			"version": "22.7.1",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/flake8-bugbear/22.7.1",
					"comment": "Distribution file: flake8-bugbear-22.7.1.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "e450976a07e4f9d6c043d4f72b17ec1baf717fe37f7997009c8ae58064f88305"
						}
					]
				},
				{
					"url": "https://pypi.org/project/flake8-bugbear/22.7.1",
					"comment": "Distribution file: flake8_bugbear-22.7.1-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "db5d7a831ef4412a224b26c708967ff816818cabae415e76b8c58df156c4b8e5"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "64270487-d39e-497f-86ad-ec4ac6a7d3d3",
			"name": "flake8-isort",
			"version": "4.1.1",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/flake8-isort/4.1.1",
					"comment": "Distribution file: flake8-isort-4.1.1.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "d814304ab70e6e58859bc5c3e221e2e6e71c958e7005239202fee19c24f82717"
						}
					]
				},
				{
					"url": "https://pypi.org/project/flake8-isort/4.1.1",
					"comment": "Distribution file: flake8_isort-4.1.1-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "c4e8b6dcb7be9b71a02e6e5d4196cefcef0f3447be51e82730fb336fff164949"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "5a15e858-a9a7-449b-a8e7-b028501983a6",
			"name": "importlib-metadata",
			"version": "4.2.0",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/importlib-metadata/4.2.0",
					"comment": "Distribution file: importlib_metadata-4.2.0-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "057e92c15bc8d9e8109738a48db0ccb31b4d9d5cfbee5a8670879a30be66304b"
						}
					]
				},
				{
					"url": "https://pypi.org/project/importlib-metadata/4.2.0",
					"comment": "Distribution file: importlib_metadata-4.2.0.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "b7e52a1f8dec14a75ea73e0891f3060099ca1d8e6a462a4dff11c3e119ea1b31"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "a2f9b409-1157-439a-b80a-c774e832dc77",
			"name": "importlib-resources",
			"version": "5.4.0",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/importlib-resources/5.4.0",
					"comment": "Distribution file: importlib_resources-5.4.0-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "33a95faed5fc19b4bc16b29a6eeae248a3fe69dd55d4d229d2b480e23eeaad45"
						}
					]
				},
				{
					"url": "https://pypi.org/project/importlib-resources/5.4.0",
					"comment": "Distribution file: importlib_resources-5.4.0.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "d756e2f85dd4de2ba89be0b21dba2a3bbec2e871a42a3a16719258a11f87506b"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "c42b266b-6645-4fbb-bc22-30658d1094b6",
			"name": "isort",
			"version": "5.10.1",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/isort/5.10.1",
					"comment": "Distribution file: isort-5.10.1-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "6f62d78e2f89b4500b080fe3a81690850cd254227f27f75c3a0c491a1f351ba7"
						}
					]
				},
				{
					"url": "https://pypi.org/project/isort/5.10.1",
					"comment": "Distribution file: isort-5.10.1.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "e8443a5e7a020e9d7f97f1d7d9cd17c88bcb3bc7e218bf9cf5095fe550be2951"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "35afcc71-b81a-42a5-811d-54945937c882",
			"name": "mccabe",
			"version": "0.6.1",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/mccabe/0.6.1",
					"comment": "Distribution file: mccabe-0.6.1-py2.py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mccabe/0.6.1",
					"comment": "Distribution file: mccabe-0.6.1.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "e951705e-30c4-497a-98ef-f9d141136a46",
			"name": "mypy",
			"version": "0.971",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp310-cp310-macosx_10_9_universal2.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "f2899a3cbd394da157194f913a931edfd4be5f274a88041c9dc2d9cdcb1c315c"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp310-cp310-macosx_10_9_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "98e02d56ebe93981c41211c05adb630d1d26c14195d04d95e49cd97dbc046dc5"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp310-cp310-macosx_11_0_arm64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "19830b7dba7d5356d3e26e2427a2ec91c994cd92d983142cbd025ebe81d69cf3"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "02ef476f6dcb86e6f502ae39a16b93285fef97e7f1ff22932b657d1ef1f28655"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp310-cp310-win_amd64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "25c5750ba5609a0c7550b73a33deb314ecfb559c350bb050b655505e8aed4103"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp36-cp36m-macosx_10_9_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "d3348e7eb2eea2472db611486846742d5d52d1290576de99d59edeb7cd4a42ca"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "3fa7a477b9900be9b7dd4bab30a12759e5abe9586574ceb944bc29cddf8f0417"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp36-cp36m-win_amd64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "2ad53cf9c3adc43cf3bea0a7d01a2f2e86db9fe7596dfecb4496a5dda63cbb09"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp37-cp37m-macosx_10_9_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "855048b6feb6dfe09d3353466004490b1872887150c5bb5caad7838b57328cc8"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "23488a14a83bca6e54402c2e6435467a4138785df93ec85aeff64c6170077fb0"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp37-cp37m-win_amd64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "4b21e5b1a70dfb972490035128f305c39bc4bc253f34e96a4adf9127cf943eb2"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp38-cp38-macosx_10_9_universal2.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "9796a2ba7b4b538649caa5cecd398d873f4022ed2333ffde58eaf604c4d2cb27"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp38-cp38-macosx_10_9_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "5a361d92635ad4ada1b1b2d3630fc2f53f2127d51cf2def9db83cba32e47c856"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp38-cp38-macosx_11_0_arm64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "b793b899f7cf563b1e7044a5c97361196b938e92f0a4343a5d27966a53d2ec71"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "d1ea5d12c8e2d266b5fb8c7a5d2e9c0219fedfeb493b7ed60cd350322384ac27"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp38-cp38-win_amd64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "23c7ff43fff4b0df93a186581885c8512bc50fc4d4910e0f838e35d6bb6b5e58"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp39-cp39-macosx_10_9_universal2.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "1f7656b69974a6933e987ee8ffb951d836272d6c0f81d727f1d0e2696074d9e6"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp39-cp39-macosx_10_9_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "d2022bfadb7a5c2ef410d6a7c9763188afdb7f3533f22a0a32be10d571ee4bbe"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp39-cp39-macosx_11_0_arm64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "ef943c72a786b0f8d90fd76e9b39ce81fb7171172daf84bf43eaf937e9f220a9"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "d744f72eb39f69312bc6c2abf8ff6656973120e2eb3f3ec4f758ed47e414a4bf"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-cp39-cp39-win_amd64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "77a514ea15d3007d33a9e2157b0ba9c267496acf12a7f2b9b9f8446337aac5b0"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "0d054ef16b071149917085f51f89555a576e2618d5d9dd70bd6eea6410af3ac9"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy/0.971",
					"comment": "Distribution file: mypy-0.971.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "40b0f21484238269ae6a57200c807d80debc6459d444c0489a102d7c6a75fa56"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "d108a2c9-619a-46f1-ba45-bebd6472f7a6",
			"name": "mypy-extensions",
			"version": "0.4.3",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/mypy-extensions/0.4.3",
					"comment": "Distribution file: mypy_extensions-0.4.3-py2.py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "090fedd75945a69ae91ce1303b5824f428daf5a028d2f6ab8a299250a846f15d"
						}
					]
				},
				{
					"url": "https://pypi.org/project/mypy-extensions/0.4.3",
					"comment": "Distribution file: mypy_extensions-0.4.3.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "2d82818f5bb3e369420cb3c4060a7970edba416647068eb4c5343488a6c604a8"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "bb447ba4-a9ae-4199-b6c9-e9ebb312eb5e",
			"name": "packageurl-python",
			"version": "0.9.9",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/packageurl-python/0.9.9",
					"comment": "Distribution file: packageurl-python-0.9.9.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "872a0434b9a448b3fa97571711f69dd2a3fb72345ad66c90b17d827afea82f09"
						}
					]
				},
				{
					"url": "https://pypi.org/project/packageurl-python/0.9.9",
					"comment": "Distribution file: packageurl_python-0.9.9-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "07aa852d1c48b0e86e625f6a32d83f96427739806b269d0f8142788ee807114b"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "2b429360-f6e9-4455-82aa-ed8ee6a04098",
			"name": "packaging",
			"version": "21.3",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/packaging/21.3",
					"comment": "Distribution file: packaging-21.3-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522"
						}
					]
				},
				{
					"url": "https://pypi.org/project/packaging/21.3",
					"comment": "Distribution file: packaging-21.3.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "dd47c42927d89ab911e606518907cc2d3a1f38bbd026385970643f9c5b8ecfeb"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "fda0e8b4-7b83-427a-92a8-023f65e7e2e4",
			"name": "pip-requirements-parser",
			"version": "31.2.0",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/pip-requirements-parser/31.2.0",
					"comment": "Distribution file: pip-requirements-parser-31.2.0.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "8c2a6f8e091ac2693824a5ef4e3b250226e34f74a20a91a87b9ab0714b47788f"
						}
					]
				},
				{
					"url": "https://pypi.org/project/pip-requirements-parser/31.2.0",
					"comment": "Distribution file: pip_requirements_parser-31.2.0-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "22fa213a987913385b2484d5698ecfa1d9cf4154978cdf929085548af55355b0"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "38c1a869-5c65-4990-9a86-8c8e69cdbd62",
			"name": "platformdirs",
			"version": "2.4.0",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/platformdirs/2.4.0",
					"comment": "Distribution file: platformdirs-2.4.0-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "8868bbe3c3c80d42f20156f22e7131d2fb321f5bc86a2a345375c6481a67021d"
						}
					]
				},
				{
					"url": "https://pypi.org/project/platformdirs/2.4.0",
					"comment": "Distribution file: platformdirs-2.4.0.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "367a5e80b3d04d2428ffa76d33f124cf11e8fff2acdaa9b43d545f5c7d661ef2"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "60bb7c13-b0b5-4056-bc66-7f6edd7f37bc",
			"name": "pluggy",
			"version": "1.0.0",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/pluggy/1.0.0",
					"comment": "Distribution file: pluggy-1.0.0-py2.py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "74134bbf457f031a36d68416e1509f34bd5ccc019f0bcc952c7b909d06b37bd3"
						}
					]
				},
				{
					"url": "https://pypi.org/project/pluggy/1.0.0",
					"comment": "Distribution file: pluggy-1.0.0.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "4224373bacce55f955a878bf9cfa763c1e360858e330072059e10bad68531159"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "ab557d79-4499-4a92-843d-8363433a5401",
			"name": "py",
			"version": "1.11.0",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/py/1.11.0",
					"comment": "Distribution file: py-1.11.0-py2.py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378"
						}
					]
				},
				{
					"url": "https://pypi.org/project/py/1.11.0",
					"comment": "Distribution file: py-1.11.0.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "673a9d4c-524d-421b-98e9-d854a0f0dc2f",
			"name": "pycodestyle",
			"version": "2.8.0",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/pycodestyle/2.8.0",
					"comment": "Distribution file: pycodestyle-2.8.0-py2.py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "720f8b39dde8b293825e7ff02c475f3077124006db4f440dcbc9a20b76548a20"
						}
					]
				},
				{
					"url": "https://pypi.org/project/pycodestyle/2.8.0",
					"comment": "Distribution file: pycodestyle-2.8.0.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "eddd5847ef438ea1c7870ca7eb78a9d47ce0cdb4851a5523949f2601d0cbbe7f"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "df4d3aab-bee3-40a0-86d5-31db7b16d9d7",
			"name": "pyflakes",
			"version": "2.4.0",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/pyflakes/2.4.0",
					"comment": "Distribution file: pyflakes-2.4.0-py2.py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "3bb3a3f256f4b7968c9c788781e4ff07dce46bdf12339dcda61053375426ee2e"
						}
					]
				},
				{
					"url": "https://pypi.org/project/pyflakes/2.4.0",
					"comment": "Distribution file: pyflakes-2.4.0.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "05a85c2872edf37a4ed30b0cce2f6093e1d0581f8c19d7393122da7e25b2b24c"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "d877b06b-0bcd-4eb2-9f4a-8b0877fac6bd",
			"name": "pyparsing",
			"version": "3.0.7",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/pyparsing/3.0.7",
					"comment": "Distribution file: pyparsing-3.0.7-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "a6c06a88f252e6c322f65faf8f418b16213b51bdfaece0524c1c1bc30c63c484"
						}
					]
				},
				{
					"url": "https://pypi.org/project/pyparsing/3.0.7",
					"comment": "Distribution file: pyparsing-3.0.7.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "18ee9022775d270c55187733956460083db60b37d0d0fb357445f3094eed3eea"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "9d435103-af5b-4877-a66d-ebcc5e57b092",
			"name": "six",
			"version": "1.16.0",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/six/1.16.0",
					"comment": "Distribution file: six-1.16.0-py2.py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254"
						}
					]
				},
				{
					"url": "https://pypi.org/project/six/1.16.0",
					"comment": "Distribution file: six-1.16.0.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "7db59f1b-697f-4f80-bb60-1f9d112e6949",
			"name": "sortedcontainers",
			"version": "2.4.0",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/sortedcontainers/2.4.0",
					"comment": "Distribution file: sortedcontainers-2.4.0-py2.py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "a163dcaede0f1c021485e957a39245190e74249897e2ae4b2aa38595db237ee0"
						}
					]
				},
				{
					"url": "https://pypi.org/project/sortedcontainers/2.4.0",
					"comment": "Distribution file: sortedcontainers-2.4.0.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "25caa5a06cc30b6b83d11423433f65d1f9d76c4c6a0c90e3379eaa43b9bfdb88"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "f0380402-642a-4b0b-9b05-3a5585919a7d",
			"name": "testfixtures",
			"version": "6.18.5",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/testfixtures/6.18.5",
					"comment": "Distribution file: testfixtures-6.18.5-py2.py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "7de200e24f50a4a5d6da7019fb1197aaf5abd475efb2ec2422fdcf2f2eb98c1d"
						}
					]
				},
				{
					"url": "https://pypi.org/project/testfixtures/6.18.5",
					"comment": "Distribution file: testfixtures-6.18.5.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "02dae883f567f5b70fd3ad3c9eefb95912e78ac90be6c7444b5e2f46bf572c84"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "4253c94a-ce2a-48e7-b25a-604c8b02bedf",
			"name": "toml",
			"version": "0.10.2",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/toml/0.10.2",
					"comment": "Distribution file: toml-0.10.2-py2.py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"
						}
					]
				},
				{
					"url": "https://pypi.org/project/toml/0.10.2",
					"comment": "Distribution file: toml-0.10.2.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "c0876443-31cb-44dc-b8fe-5e26f777b750",
			"name": "tomli",
			"version": "1.2.3",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/tomli/1.2.3",
					"comment": "Distribution file: tomli-1.2.3-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "e3069e4be3ead9668e21cb9b074cd948f7b3113fd9c8bba083f48247aab8b11c"
						}
					]
				},
				{
					"url": "https://pypi.org/project/tomli/1.2.3",
					"comment": "Distribution file: tomli-1.2.3.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "05b6166bff487dc068d322585c7ea4ef78deed501cc124060e0f238e89a9231f"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "d6eafd24-e736-4241-891d-7645e7fe64c8",
			"name": "tox",
			"version": "3.25.1",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/tox/3.25.1",
					"comment": "Distribution file: tox-3.25.1-py2.py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "c38e15f4733683a9cc0129fba078633e07eb0961f550a010ada879e95fb32632"
						}
					]
				},
				{
					"url": "https://pypi.org/project/tox/3.25.1",
					"comment": "Distribution file: tox-3.25.1.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "c138327815f53bc6da4fe56baec5f25f00622ae69ef3fe4e1e385720e22486f9"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "6e6a75ee-367c-4d00-8a0a-484baac296a1",
			"name": "typed-ast",
			"version": "1.5.4",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp310-cp310-macosx_10_9_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "669dd0c4167f6f2cd9f57041e03c3c2ebf9063d0757dc89f79ba1daa2bfca9d4"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp310-cp310-macosx_11_0_arm64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "211260621ab1cd7324e0798d6be953d00b74e0428382991adfddb352252f1d62"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "267e3f78697a6c00c689c03db4876dd1efdfea2f251a5ad6555e82a26847b4ac"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "c542eeda69212fa10a7ada75e668876fdec5f856cd3d06829e6aa64ad17c8dfe"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp310-cp310-win_amd64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "a9916d2bb8865f973824fb47436fa45e1ebf2efd920f2b9f99342cb7fab93f72"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp36-cp36m-macosx_10_9_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "79b1e0869db7c830ba6a981d58711c88b6677506e648496b1f64ac7d15633aec"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "a94d55d142c9265f4ea46fab70977a1944ecae359ae867397757d836ea5a3f47"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "183afdf0ec5b1b211724dfef3d2cad2d767cbefac291f24d69b00546c1837fb6"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp36-cp36m-win_amd64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "639c5f0b21776605dd6c9dbe592d5228f021404dafd377e2b7ac046b0349b1a1"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp37-cp37m-macosx_10_9_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "cf4afcfac006ece570e32d6fa90ab74a17245b83dfd6655a6f68568098345ff6"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "ed855bbe3eb3715fca349c80174cfcfd699c2f9de574d40527b8429acae23a66"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "6778e1b2f81dfc7bc58e4b259363b83d2e509a65198e85d5700dfae4c6c8ff1c"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp37-cp37m-win_amd64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "0261195c2062caf107831e92a76764c81227dae162c4f75192c0d489faf751a2"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp38-cp38-macosx_10_9_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "2efae9db7a8c05ad5547d522e7dbe62c83d838d3906a3716d1478b6c1d61388d"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp38-cp38-macosx_11_0_arm64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "7d5d014b7daa8b0bf2eaef684295acae12b036d79f54178b92a2b6a56f92278f"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "370788a63915e82fd6f212865a596a0fefcbb7d408bbbb13dea723d971ed8bdc"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "4e964b4ff86550a7a7d56345c7864b18f403f5bd7380edf44a3c1fb4ee7ac6c6"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp38-cp38-win_amd64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "683407d92dc953c8a7347119596f0b0e6c55eb98ebebd9b23437501b28dcbb8e"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp39-cp39-macosx_10_9_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "4879da6c9b73443f97e731b617184a596ac1235fe91f98d279a7af36c796da35"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp39-cp39-macosx_11_0_arm64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "3e123d878ba170397916557d31c8f589951e353cc95fb7f24f6bb69adc1a8a97"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "ebd9d7f80ccf7a82ac5f88c521115cc55d84e35bf8b446fcd7836eb6b98929a3"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "98f80dee3c03455e92796b58b98ff6ca0b2a6f652120c263efdba4d6c5e58f72"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4-cp39-cp39-win_amd64.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "0fdbcf2fef0ca421a3f5912555804296f0b0960f0418c440f5d6d3abb549f3e1"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typed-ast/1.5.4",
					"comment": "Distribution file: typed_ast-1.5.4.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "39e21ceb7388e4bb37f4c679d72707ed46c2fbf2a5609b8b8ebc4b067d977df2"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "88aadb10-ffa3-4c50-9440-f98ad9c2ab26",
			"name": "types-setuptools",
			"version": "57.4.17",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/types-setuptools/57.4.17",
					"comment": "Distribution file: types-setuptools-57.4.17.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "9d556fcaf6808a1cead4aaa41e5c07a61f0152a875811e1239738eba4e0b7b16"
						}
					]
				},
				{
					"url": "https://pypi.org/project/types-setuptools/57.4.17",
					"comment": "Distribution file: types_setuptools-57.4.17-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "9c7cdaf0d55113e24ac17103bde2d434472abf1dbf444238e989fe4e798ffa26"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "aaab3317-0523-4f0e-b1b2-444f19f7c483",
			"name": "types-toml",
			"version": "0.10.8",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/types-toml/0.10.8",
					"comment": "Distribution file: types-toml-0.10.8.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "b7e7ea572308b1030dc86c3ba825c5210814c2825612ec679eb7814f8dd9295a"
						}
					]
				},
				{
					"url": "https://pypi.org/project/types-toml/0.10.8",
					"comment": "Distribution file: types_toml-0.10.8-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "8300fd093e5829eb9c1fba69cee38130347d4b74ddf32d0a7df650ae55c2b599"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "5dd42711-1a84-4dfd-b70e-09f21cc887af",
			"name": "typing-extensions",
			"version": "4.1.1",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/typing-extensions/4.1.1",
					"comment": "Distribution file: typing_extensions-4.1.1-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "21c85e0fe4b9a155d0799430b0ad741cdce7e359660ccbd8b530613e8df88ce2"
						}
					]
				},
				{
					"url": "https://pypi.org/project/typing-extensions/4.1.1",
					"comment": "Distribution file: typing_extensions-4.1.1.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "1a9462dcc3347a79b1f1c0271fbe79e844580bb598bafa1ed208b94da3cdcd42"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "4607d050-b6b4-4b01-b8b7-ed0167f71683",
			"name": "virtualenv",
			"version": "20.14.1",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/virtualenv/20.14.1",
					"comment": "Distribution file: virtualenv-20.14.1-py2.py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "e617f16e25b42eb4f6e74096b9c9e37713cf10bf30168fb4a739f3fa8f898a3a"
						}
					]
				},
				{
					"url": "https://pypi.org/project/virtualenv/20.14.1",
					"comment": "Distribution file: virtualenv-20.14.1.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "ef589a79795589aada0c1c5b319486797c03b67ac3984c48c669c0e4f50df3a5"
						}
					]
				}
			]
		},
		{
			"type": "library",
			"bom-ref": "da8e5a6f-d5a9-47c0-bc3c-c1059d18e6a4",
			"name": "zipp",
			"version": "3.6.0",
			"purl": "pkg:pypi/[email protected]",
			"externalReferences": [
				{
					"url": "https://pypi.org/project/zipp/3.6.0",
					"comment": "Distribution file: zipp-3.6.0-py3-none-any.whl",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "9fe5ea21568a0a70e50f273397638d39b03353731e6cbbb3fd8502a33fec40bc"
						}
					]
				},
				{
					"url": "https://pypi.org/project/zipp/3.6.0",
					"comment": "Distribution file: zipp-3.6.0.tar.gz",
					"type": "distribution",
					"hashes": [
						{
							"alg": "SHA-256",
							"content": "71c644c5369f4a6e07636f0aa966270449561fcea2e3d6747b8d23efaa9d7832"
						}
					]
				}
			]
		}
	],
	"dependencies": [
		{
			"ref": "221e9ebf-637f-42ea-92f9-4d377b718b04",
			"dependsOn": []
		},
		{
			"ref": "9355a3bb-2789-4b11-95f2-e60d3756062d",
			"dependsOn": []
		},
		{
			"ref": "1d127a2c-e89d-4d9a-b2fc-0eff17325f4f",
			"dependsOn": []
		},
		{
			"ref": "85b55ad5-5988-4cbd-af48-9b5dff125742",
			"dependsOn": []
		},
		{
			"ref": "71fd7a0e-4121-47d7-88f8-cb3b692167be",
			"dependsOn": []
		},
		{
			"ref": "368e142c-aacc-411b-b2de-61611cc0c07c",
			"dependsOn": []
		},
		{
			"ref": "b7821c28-1a71-4acc-8723-fbc9884ca353",
			"dependsOn": []
		},
		{
			"ref": "fa4bfc98-fd00-4cb7-a820-4b0d0e46eabf",
			"dependsOn": []
		},
		{
			"ref": "82f5d4c0-0cd3-4e68-89af-1eb9f375918f",
			"dependsOn": []
		},
		{
			"ref": "66e202c0-21cb-46e2-b3d8-06f57db16904",
			"dependsOn": []
		},
		{
			"ref": "64270487-d39e-497f-86ad-ec4ac6a7d3d3",
			"dependsOn": []
		},
		{
			"ref": "5a15e858-a9a7-449b-a8e7-b028501983a6",
			"dependsOn": []
		},
		{
			"ref": "a2f9b409-1157-439a-b80a-c774e832dc77",
			"dependsOn": []
		},
		{
			"ref": "c42b266b-6645-4fbb-bc22-30658d1094b6",
			"dependsOn": []
		},
		{
			"ref": "35afcc71-b81a-42a5-811d-54945937c882",
			"dependsOn": []
		},
		{
			"ref": "e951705e-30c4-497a-98ef-f9d141136a46",
			"dependsOn": []
		},
		{
			"ref": "d108a2c9-619a-46f1-ba45-bebd6472f7a6",
			"dependsOn": []
		},
		{
			"ref": "bb447ba4-a9ae-4199-b6c9-e9ebb312eb5e",
			"dependsOn": []
		},
		{
			"ref": "2b429360-f6e9-4455-82aa-ed8ee6a04098",
			"dependsOn": []
		},
		{
			"ref": "fda0e8b4-7b83-427a-92a8-023f65e7e2e4",
			"dependsOn": []
		},
		{
			"ref": "38c1a869-5c65-4990-9a86-8c8e69cdbd62",
			"dependsOn": []
		},
		{
			"ref": "60bb7c13-b0b5-4056-bc66-7f6edd7f37bc",
			"dependsOn": []
		},
		{
			"ref": "ab557d79-4499-4a92-843d-8363433a5401",
			"dependsOn": []
		},
		{
			"ref": "673a9d4c-524d-421b-98e9-d854a0f0dc2f",
			"dependsOn": []
		},
		{
			"ref": "df4d3aab-bee3-40a0-86d5-31db7b16d9d7",
			"dependsOn": []
		},
		{
			"ref": "d877b06b-0bcd-4eb2-9f4a-8b0877fac6bd",
			"dependsOn": []
		},
		{
			"ref": "9d435103-af5b-4877-a66d-ebcc5e57b092",
			"dependsOn": []
		},
		{
			"ref": "7db59f1b-697f-4f80-bb60-1f9d112e6949",
			"dependsOn": []
		},
		{
			"ref": "f0380402-642a-4b0b-9b05-3a5585919a7d",
			"dependsOn": []
		},
		{
			"ref": "4253c94a-ce2a-48e7-b25a-604c8b02bedf",
			"dependsOn": []
		},
		{
			"ref": "c0876443-31cb-44dc-b8fe-5e26f777b750",
			"dependsOn": []
		},
		{
			"ref": "d6eafd24-e736-4241-891d-7645e7fe64c8",
			"dependsOn": []
		},
		{
			"ref": "6e6a75ee-367c-4d00-8a0a-484baac296a1",
			"dependsOn": []
		},
		{
			"ref": "88aadb10-ffa3-4c50-9440-f98ad9c2ab26",
			"dependsOn": []
		},
		{
			"ref": "aaab3317-0523-4f0e-b1b2-444f19f7c483",
			"dependsOn": []
		},
		{
			"ref": "5dd42711-1a84-4dfd-b70e-09f21cc887af",
			"dependsOn": []
		},
		{
			"ref": "4607d050-b6b4-4b01-b8b7-ed0167f71683",
			"dependsOn": []
		},
		{
			"ref": "da8e5a6f-d5a9-47c0-bc3c-c1059d18e6a4",
			"dependsOn": []
		}
	]
}

@jkowalleck jkowalleck added the bug Something isn't working label Jul 20, 2022
@jkowalleck
Copy link
Member

jkowalleck commented Jul 20, 2022

Thanks for the (confirmed) report, @SaberStrat .

Do you want to give it a try and provide a fix/feature/PR?

@jkowalleck jkowalleck pinned this issue Jul 20, 2022
@jkowalleck jkowalleck removed the bug Something isn't working label Jul 21, 2022
@jkowalleck
Copy link
Member

jkowalleck commented Jul 21, 2022

could try to evaluate the following files, to gather the requested information:

  • pyproject.toml
  • poetry.lock
  • setup.cfg/setup.py

and additionally we could allow CLI options/switches/arguments to set the data like

  • meta.component.vendor meta.component.group
  • meta.component.name
  • meta.component.version

any thoughts, @madpah , @SaberStrat ?

@jkowalleck jkowalleck unpinned this issue Jul 21, 2022
@SaberStrat
Copy link
Author

Thanks for the quick response. The additional data sounds good, though metadata.component.vendor isn't defined in the CycloneDX specs. More fields are possible, but aside from the required metadata.component.type, .name and .version are probably a valid minimum.

If absolutely no one else is in dire need of an issue to work on, I could tackle it. But can't provide an ETA.

@madpah
Copy link
Collaborator

madpah commented Jul 21, 2022

This is an interesting idea - thanks for raising @SaberStrat.

Being able to accurately populate meta.component would be great, and my view is that parsing data from the example files called out by @jkowalleck would be the only sane approach. Having configuration options to provide this data could also be an option too. Which options would work best for your use case @SaberStrat ?

@madpah madpah changed the title Allow metatype.component.type to be set via configuration option [FEATURE] Populate metatype.component Jul 21, 2022
@madpah madpah changed the title [FEATURE] Populate metatype.component [FEATURE] Populate bom.metadata.component Jul 21, 2022
@madpah madpah added the enhancement New feature or request label Jul 21, 2022
@SaberStrat
Copy link
Author

As far as I know, we don't even use a Python-specific build tool/system. Just plain conda. So for me, as of right now, CLI options would cover my use cases.

If the build config files allow for a definition of the metadata.components, then for consistency sake that should be supported as well ofc.

@jkowalleck jkowalleck changed the title [FEATURE] Populate bom.metadata.component feat: Populate bom.metadata.component Dec 11, 2022
@AliciaBytes
Copy link

This is a big issue for us. Hierarchical merge requires a component to exist and working around it is a big hack. Would it be possible to at least have cli options to give component information to this tool and populate the field.

@jkowalleck
Copy link
Member

sure, it is possible. :-)
Feel free to contribute(pullrequest) a solution.

We are currently in a feature-freeze phase for v1-v3,
while we are creating the next major version, v4.
Development is done in dev/4.x.x branch. New features should be branched from there and be pull-requested to this branch.

@jkowalleck jkowalleck added the help wanted Extra attention is needed label Apr 11, 2023
@jkowalleck jkowalleck removed the help wanted Extra attention is needed label Nov 14, 2023
@jkowalleck jkowalleck self-assigned this Nov 14, 2023
@jkowalleck jkowalleck added this to the 4.0.0 milestone Nov 14, 2023
@jkowalleck jkowalleck linked a pull request Nov 14, 2023 that will close this issue
42 tasks
@jkowalleck jkowalleck mentioned this issue Dec 1, 2023
9 tasks
@jkowalleck
Copy link
Member

jkowalleck commented Dec 1, 2023

@stevespringett
Copy link
Member

@jkowalleck Any plans on supporting myproject.toml for not only the bom metadata, but for dependencies as well?

@jkowalleck
Copy link
Member

re: #391 (comment)
this would be a different topic.
the dependencies in pyproject.toml would act as a root-filter for the from environment source. see #614

@jkowalleck
Copy link
Member

fixed by #605

@jkowalleck
Copy link
Member

This feature will be part of the next/upcoming major release.
Changelog: see #605
Install via: pip install cyclonedx-bom==4.0.0rc1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants