Changelog

Emitted metadata tool name is cyclonedx-py, was cyclonedx-bom. * Emitted metadata tools are up to non-deprecated CycloneDX specification. * No longer emit deprecated or undocumented properties in namespace ``cdx:poetry` <https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/poetry.md>`_ (see previous release 4.6.0 for official replacements). - cdx:poetry:source:package:reference - cdx:poetry:package:source:resolved_reference - cdx:poetry:package:source:vcs:requested_revision - cdx:poetry:package:source:vcs:commit_id

The mentioned changes are considered “breaking” for processes that relied on the respective data: structures. Migration paths are self-explanatory.

Dependencies

Requires cyclonedx-python-lib>=8.0.0,<9 now, was >=7.3.0,<8.0.0,!=7.3.1.

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v4.6.1 (2024-09-30)

Bug Fixes

Help page for sub command “environment” on windows (#805, ``9e8a5d7` <https://github.com/CycloneDX/cyclonedx-python/commit/9e8a5d72045b3477e5523ed891493c29a584f35f>`_)

fixes #804

Signed-off-by: Steve (Gadget) Barnes gadgetsteve@hotmail.com

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Co-authored-by: Jan Kowalleck jan.kowalleck@gmail.com

Documentation

Contrib and setup hint (``2ae46ff` <https://github.com/CycloneDX/cyclonedx-python/commit/2ae46ff222067724d4f1e5e23335cd342f6775a6>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v4.6.0 (2024-09-20)

Documentation

Reformat help page in usage docs (#788, ``a1354e5` <https://github.com/CycloneDX/cyclonedx-python/commit/a1354e5fd074036499d308488e0e621647afc3ce>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Features

Populate properties cdx:python:package:source:vcs:... (#790, ``b08e1bb` <https://github.com/CycloneDX/cyclonedx-python/commit/b08e1bb46871b167fb0ca135d2f97ad8a19df313>`_)

populate the newly added/fixed CycloneDX properties cdx:python:package:source:vcs:... in: accordance with https://github.com/CycloneDX/cyclonedx-property-taxonomy/pull/96 and https://github.com/CycloneDX/cyclonedx-property-taxonomy/pull/98.

the deprecated properties are still used, so no breaking changes exist.

fixes #789

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v4.5.1 (2024-09-18)

Bug Fixes

Assert copyright headers (#787, ``dddcb5d` <https://github.com/CycloneDX/cyclonedx-python/commit/dddcb5dc6529e60c82dcfd756a0a8b31ae76e9bf>`_)

utilizes flake8 plugin https://pypi.org/project/flake8-copyright-validator/ to assert the correct: headers

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Documentation

Fix typo (``9f9fa9e` <https://github.com/CycloneDX/cyclonedx-python/commit/9f9fa9e795b2aea847ae7639b018fd6c32d7e38c>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v4.5.0 (2024-06-10)

Documentation

Exclude dep bumps from changelog (#750, ``3d02d6a` <https://github.com/CycloneDX/cyclonedx-python/commit/3d02d6ab32d864a6cf9c84a12f60623c6a784c4b>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Ossf best practice badge percentage (``5717803` <https://github.com/CycloneDX/cyclonedx-python/commit/5717803b27f71d6133cce5a5ea91cd87f130626a>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Features

Environment - gather declared license information according to PEP639 (#755, ``e9cc805` <https://github.com/CycloneDX/cyclonedx-python/commit/e9cc8058bb299e98a6f645426a2626bcfa3f06eb>`_)

From python environments, gather additional declared license information according to `PEP: 639 <https://peps.python.org/pep-0639>`_ (improving license clarity with better package metadata).
New CLI switches for cyclonedx environment: * –PEP-639: Enable license gathering according to: PEP 639 (improving license clarity with better package metadata). The behavior may change during the draft development of the PEP. * --gather-license-texts: Enable license text gathering.
In current state of implementation, --gather-license-texts has effect only if --PEP-639 is also: given.

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v4.4.3 (2024-04-26)

Bug Fixes

Do not use cyclonedx-lib==7.3.1 (#729, ``aa715c0` <https://github.com/CycloneDX/cyclonedx-python/commit/aa715c0e94045c35fda7b6908c3c59cb84fb5e0c>`_)

add regression test for #727 fixes #727

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v4.4.2 (2024-04-21)

Bug Fixes

Release lates container image (#726, ``0155450` <https://github.com/CycloneDX/cyclonedx-python/commit/015545014d7bb0fe72438d6707db4abc89dba031>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v4.4.1 (2024-04-21)

Bug Fixes

Release lates container image (#725, ``8ba9d0b` <https://github.com/CycloneDX/cyclonedx-python/commit/8ba9d0b35f9d9593b5a3e232bf5e92d79b42fab9>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v4.4.0 (2024-04-21)

Features

Publish to GHCR (#724, ``8c18484` <https://github.com/CycloneDX/cyclonedx-python/commit/8c184842af1a790692a898e9437a209a8fa65422>`_)

Tee container image version of the app is also available on GitHubContainerRegistry:: https://github.com/orgs/CycloneDX/packages/container/package/cyclonedx-python

Signed-off-by: jxdv virgoj@protonmail.com

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Signed-off-by: semantic-release semantic-release@bot.local

Co-authored-by: jxdv virgoj@protonmail.com

Co-authored-by: semantic-release semantic-release@bot.local

v4.3.0 (2024-04-20)

Features

Improve declared licenses detection (#722, ``b0ae453` <https://github.com/CycloneDX/cyclonedx-python/commit/b0ae453e7dc69356ba5e1b987a6b19a31d106909>`_)
Add declared licenses from License Troves if not mapped to SPDX license ID - CycloneDX 1.6 mark licenses as “declared”

fixes #718

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v4.2.0 (2024-04-18)

Features

Support CycloneDX 1.6 output (#720, ``639b35a` <https://github.com/CycloneDX/cyclonedx-python/commit/639b35ad7e9aa832a4ad9b489a2391348f97fc15>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v4.1.6 (2024-04-15)

Bug Fixes

More resilent PEP610 parsing (#716, ``93f0184` <https://github.com/CycloneDX/cyclonedx-python/commit/93f0184dd969db1536128d1ec4861f84977f0a91>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v4.1.5 (2024-04-11)

Bug Fixes

Docs for default of CLI switch --mc-type (#710, ``a218b40` <https://github.com/CycloneDX/cyclonedx-python/commit/a218b40ae8bc383e449b69ba3aa5280253387f19>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v4.1.4 (2024-03-28)

Bug Fixes

Poetry analyzer crashed with certain optional package’s version constraints (#703, ``8ade6e1` <https://github.com/CycloneDX/cyclonedx-python/commit/8ade6e18637428e86332ecd1019416dfc121e862>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v4.1.3 (2024-03-15)

Bug Fixes

Declared license texts as such, not as license name (#694, ``ec7ab3e` <https://github.com/CycloneDX/cyclonedx-python/commit/ec7ab3eb3a0aba31ce84227637aa0c91e05e76ba>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Documentation

Imprve environment use cases and examples (#690, ``0d38c7b` <https://github.com/CycloneDX/cyclonedx-python/commit/0d38c7b252e8d7f868656dd4663d1aac1c10fba5>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v4.1.2 (2024-03-01)

Build System

Use poetry v1.8.1 (#682, ``dba63b8` <https://github.com/CycloneDX/cyclonedx-python/commit/dba63b8509336757d17d1cd21cdbe72517ecfd67>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v4.1.1 (2024-02-03)

Bug Fixes

Normalize package extras (#671, ``4d550ad` <https://github.com/CycloneDX/cyclonedx-python/commit/4d550ad2467bcfbf3a8705188fd4f15e0dee194e>`_)

ALL names of package extras are normalized, according to spec: https://packaging.python.org/en/latest/specifications/name-normalization/#name-normalization

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Documentation

Improve example for programmatic call of CLI (#670, ``2ac3f21` <https://github.com/CycloneDX/cyclonedx-python/commit/2ac3f218840b256bc84f25fa962febf484800860>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v4.1.0 (2024-02-02)

Features

Support poetry multi-constraint dependencies (#668, ``50d2a4b` <https://github.com/CycloneDX/cyclonedx-python/commit/50d2a4bb1827fc0e7de83a7f78fc0a4d278df93e>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v4.0.0 (2024-01-31)

Features

V4.0.0 (#605, ``6d24e65` <https://github.com/CycloneDX/cyclonedx-python/commit/6d24e656835d1be2705237100b289ae0c3ff51df>`_)

Changelog

See also the migration guide in the docs.

BC: Removed support for python < 3.8 - BC: Removed deprecated shell script cyclonedx-bom; use cyclonedx-py instead - BC: Removed conda support. However, conda’s Python environments are fully supported. See below. - BC: Removed public API. You may use the CLI instead, see chapter “usage” in the docs. - BC: Complete redesign of the CommandLineInterface(CLI): - Uses sub-commands for easy accessibility and divide in specific purposes and domains - Easy understandable flags, switches and options – in accordance with the domains - Updated help pages, added usage examples
- Dozens of new features and fixes, such as: - environment analyzer supports any Python (virtual) environment – including support for, but not limited to: conda, Hatch, PDM, Pipenv, Poetry, venv, virtualenv - Poetry analyzer support groups, filtering, and such - Pipenv analyzer support categories, filtering, and such - requirements analyzer is feature complete and fixed - More details in the SBOM results (based on method) - PackageURLs may have more qualifiers (enabled per default, disable via --short-PURLs) - component properties according to official taxonomy - SBOM results may be validated (enabled per default, disable via --no-validate) - SBOM results may have dependency graph populated (if supported by method - applies to environment and Poetry) - SBOM results may have root-component populated (if pyproject provided) - SBOM results are more diff-friendly and not just one long line of text - Fixed possible issues with input data encoding - May omit dev-dependencies or domain-specific groups/categories (if supported by method and issued by CLI switches) - Strip authentication secrets from (private) download/index URLs - Support CycloneDX 1.5 - which is the default now - Upgraded documentation, examples, … - Complete rewrite from scratch - Dependencies were bumped, dropped, added, … - QA and test suites were massively enhanced

Signed-off-by: Paul Horton paul.horton@owasp.org

Signed-off-by: Thomas Graf thomas.graf@siemens.com

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Signed-off-by: dependabot[bot] support@github.com

Signed-off-by: Andreas Fehlner fehlner@arcor.de

Signed-off-by: Jan Kowalleck jan.kowalleck@owasp.org

Signed-off-by: semantic-release

Co-authored-by: Paul Horton paul.horton@owasp.org

Co-authored-by: Thomas Graf thomas.graf@siemens.com

Co-authored-by: semantic-release

Co-authored-by: dependabot[bot] 49699333+dependabot[bot]@users.noreply.github.com

Co-authored-by: github-actions github-actions@github.com

Co-authored-by: Andreas Fehlner fehlner@arcor.de

v3.11.7 (2023-11-03)

Bug Fixes

Toml-compatible fingers-crossed handling for failed input data decoding (#613, ``fb3d7bf` <https://github.com/CycloneDX/cyclonedx-python/commit/fb3d7bfd1216ad8b5328a1d348fea04fee31d3a4>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.11.6 (2023-11-03)

Bug Fixes

Added a fingers-crossed handling for failed input data decoding (#612, ``be55902` <https://github.com/CycloneDX/cyclonedx-python/commit/be559020e482795c6603f36e98713c6f7bde1e34>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.11.5 (2023-10-20)

Bug Fixes

Custom input encoding (#601, ``363934c` <https://github.com/CycloneDX/cyclonedx-python/commit/363934c0bc69ebbb23472f1173bf3c6b1e3c023a>`_)

The custom input specified via CLI’s -i option did not properly detect the input encoding. This: was fixed.

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.11.4 (2023-10-19)

Bug Fixes

Input file encoding fallback (``0bc7296` <https://github.com/CycloneDX/cyclonedx-python/commit/0bc72964d0578f713f405bc101742ef096bf8fd7>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.11.3 (2023-10-19)

Bug Fixes

Input file encoding (#596, ``a9dda4b` <https://github.com/CycloneDX/cyclonedx-python/commit/a9dda4bfd0e68529628eab99b6db00fb5214bfc3>`_)

Input files in lock-format are expected in a certain encoding, other input file encodings are: detected.

fixes https://github.com/CycloneDX/cyclonedx-python/issues/448

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Co-authored-by: Jan Kowalleck jan.kowalleck@gmail.com

Documentation

Adjust syntax hilight for code blocks (#592, ``ccac31e` <https://github.com/CycloneDX/cyclonedx-python/commit/ccac31eb4d0996236da24ca9efb57af66bd1a020>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Mark ShellSession in README (``411cf3d` <https://github.com/CycloneDX/cyclonedx-python/commit/411cf3d0a4b5005c1591211ecdc464d4747d69f1>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Publish coverage (#600, ``bd4f48e` <https://github.com/CycloneDX/cyclonedx-python/commit/bd4f48ef7f3c4c890a138c45dbc87f6ca3e2cf7b>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.11.2 (2023-07-12)

Bug Fixes

Referenced branch main, instead of master (#562, ``830d15c` <https://github.com/CycloneDX/cyclonedx-python/commit/830d15c27fadb475fa9a15918b1d5930cd71834d>`_)

somebody renamed the master branch to main. but forgot to transition the docs.

fixed this

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.11.1 (2023-07-12)

Bug Fixes

Fix typo in help page (#552, ``19bf41a` <https://github.com/CycloneDX/cyclonedx-python/commit/19bf41a52a698ee3ddee5fafc5d293ea3d9427be>`_)

it's -> its

fixes #551

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.11.0 (2023-02-11)

Documentation

Fix shields (#473, ``e32b288` <https://github.com/CycloneDX/cyclonedx-python/commit/e32b28894a8859925f22a1f45aec8608e7cd8bc3>`_)

caused by https://github.com/badges/shields/issues/8671

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Fix typo in CLI help page (#490, ``a8a8445` <https://github.com/CycloneDX/cyclonedx-python/commit/a8a844504494d10c217ba4739e6ff09b4ca34f67>`_)
Fix typos (#482, ``edbe3d4` <https://github.com/CycloneDX/cyclonedx-python/commit/edbe3d4e0ee62396ac10b42dd9ee5d6094817675>`_)
Fix typo

Signed-off-by: Thomas Beutlich thomas.beutlich@neocx.de

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Co-authored-by: Jan Kowalleck jan.kowalleck@gmail.com

Features

Deprecated CLI command cyclonedx-bom prints deprecation warning on STDERR before execution (#489, ``2009236` <https://github.com/CycloneDX/cyclonedx-python/commit/2009236c537af212aab1d5907e02f2b003f3062c>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.10.1 (2022-12-15)

Bug Fixes

Purl for PyPI packages from ‘conda list’ have the correct format now (#471, ``1573064` <https://github.com/CycloneDX/cyclonedx-python/commit/157306483a21583d752714a77ad7d0c7395291e5>`_)

Signed-off-by: Roland Weber rolweber@de.ibm.com

Documentation

Improve CONTRIBUTION instructions - sign-off step (#470, ``578c0a8` <https://github.com/CycloneDX/cyclonedx-python/commit/578c0a88e63c804b1462e3d3b617f56b53b6012e>`_)

Signed-off-by: Roland Weber rolweber@de.ibm.com

v3.10.0 (2022-12-13)

Features

Add support for poetry lock format v2.0 (#469, ``0b1e07f` <https://github.com/CycloneDX/cyclonedx-python/commit/0b1e07f91aada201088605a84ea394182ce0f10e>`_)

Signed-off-by: tewfik-ghariani tewfik.ghariani@1und1.de

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Co-authored-by: tewfik-ghariani tewfik.ghariani@1und1.de

v3.9.0 (2022-12-13)

Features

Parsers can outbut more debug messages (#466, ``9eedb4f` <https://github.com/CycloneDX/cyclonedx-python/commit/9eedb4ff27bb81f4ad323e9fa0f79230b0710032>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.8.0 (2022-12-12)

Features

Error- and debug-output is send to STDERR, instead of STDOUT (#465, ``f543b69` <https://github.com/CycloneDX/cyclonedx-python/commit/f543b69ee4463df3fb4d4b7c86475562f62e4744>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.7.4 (2022-12-12)

Bug Fixes

Ignore broken licenses in env parser (#463, ``3118acd` <https://github.com/CycloneDX/cyclonedx-python/commit/3118acdf180b6d8d35a637b3e94dc6ec7c5c5b3d>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.7.3 (2022-12-11)

Bug Fixes

Adjust dependency pip-requirements-parser to a working version (#450, ``6101986` <https://github.com/CycloneDX/cyclonedx-python/commit/610198659be408b5ef17d649aa381944d992a7dd>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.7.2 (2022-11-15)

Bug Fixes

Add a missing space in the help pages pathto -> path to (#443, ``bc5fe57` <https://github.com/CycloneDX/cyclonedx-python/commit/bc5fe5760565e608387ad7638126869550d65213>`_)

Documentation

Fix typo pathto -> path to (#443, ``bc5fe57` <https://github.com/CycloneDX/cyclonedx-python/commit/bc5fe5760565e608387ad7638126869550d65213>`_)

v3.7.1 (2022-11-10)

Bug Fixes

EnvironmentParser: Reduced crashes if no Classifiers are found (#441, ``67f56e7` <https://github.com/CycloneDX/cyclonedx-python/commit/67f56e7bfa4fb9d50654ebd07ece1ad14377a355>`_)

fixes #440

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.7.0 (2022-11-10)

Features

Pass purl-bom-ref to EnvironmentParser (#432, ``7cfefeb` <https://github.com/CycloneDX/cyclonedx-python/commit/7cfefeb389b3c63b69ad93aeca1a709231da2901>`_)

Signed-off-by: a1lu github.foreshoe@slmail.me

v3.6.4 (2022-11-10)

Bug Fixes

EnvironmentParser: Remove code break when classifier parsing in py>=3.8 (#431, ``4ab075e` <https://github.com/CycloneDX/cyclonedx-python/commit/4ab075ee814571a8dc8c1e7b962686b232619330>`_)

Signed-off-by: a1lu github.foreshoe@slmail.me

v3.6.3 (2022-09-19)

Bug Fixes

Ci release pipeline (``99ccdc6` <https://github.com/CycloneDX/cyclonedx-python/commit/99ccdc671f5a7a941f31199813bce71405bbfdd8>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.6.2 (2022-09-19)

Bug Fixes

Ci release pipeline (``6515071` <https://github.com/CycloneDX/cyclonedx-python/commit/6515071fc95d2b460577d0fbceb7d6c34a18c508>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.6.1 (2022-09-19)

Bug Fixes

Properly declare licenses from environment (#417, ``25f9e29` <https://github.com/CycloneDX/cyclonedx-python/commit/25f9e29a162f20918b6f1bbe887cc7b18c623c16>`_)

use named licenses instead of license expressions.

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.6.0 (2022-09-16)

Documentation

Describe cyclonedx-py rather than cyclonedx-bom (``c04196e` <https://github.com/CycloneDX/cyclonedx-python/commit/c04196e4404efc0513676e5baefeaf03e6b3b8e3>`_)

fixes #414

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Fix minor typo in poetry usage docs (#407, ``0abe230` <https://github.com/CycloneDX/cyclonedx-python/commit/0abe23049b5423f55b3e0951a00047f4e3f93056>`_)
Minor updates to poetry usage details & contributing.md (#407, ``0abe230` <https://github.com/CycloneDX/cyclonedx-python/commit/0abe23049b5423f55b3e0951a00047f4e3f93056>`_)

Features

Enable dependency cyclonedx-python-lib@^3 (#418, ``05cd51e` <https://github.com/CycloneDX/cyclonedx-python/commit/05cd51e1da261d29fb5c3e1722544a8f00a0cfcd>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.5.0 (2022-06-27)

v3.4.0 (2022-06-16)

v3.3.0 (2022-06-16)

v3.2.2 (2022-06-02)

Bug Fixes

Add actively used (transitive) dependencies (#363, ``1f45ad9` <https://github.com/CycloneDX/cyclonedx-python/commit/1f45ad9162be511f07e9310414793218c554a097>`_)

v3.2.1 (2022-04-05)

Bug Fixes

Cli default file for json format (``8747620` <https://github.com/CycloneDX/cyclonedx-python/commit/8747620dac7ed3eeff69369c05dfb6386a56e549>`_)

fixes #337

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.2.0 (2022-04-05)

Bug Fixes

Fix style and remove unnecessary package (#333, ``0ff6493` <https://github.com/CycloneDX/cyclonedx-python/commit/0ff6493dd59d2e8efafd35d4460847525e590937>`_)

Signed-off-by: Mostafa Moradian mostafamoradian0@gmail.com

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Co-authored-by: Mostafa Moradian mostafamoradian0@gmail.com

Documentation

Describe methods to call the tool (``2bac83a` <https://github.com/CycloneDX/cyclonedx-python/commit/2bac83a6c6f7354d8b7218c32b4b2e5d96b2fd0c>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Features

Make module callable (``5b3d8d7` <https://github.com/CycloneDX/cyclonedx-python/commit/5b3d8d7641b0f2825e5419b5ad8c8a75bf66403b>`_)

fixes #321

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.1.1 (2022-03-21)

Bug Fixes

conda-parser: Version recognition for strings (#332, ``65246dd` <https://github.com/CycloneDX/cyclonedx-python/commit/65246ddfa9a55ce53fbf87f33b1f269c519f9b3a>`_)

conda packacge string parser no longer raises unexpected errors, if the build-number is non-numeric.: fixes #331

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Documentation

Add hint for RTFD to README (``cf4f534` <https://github.com/CycloneDX/cyclonedx-python/commit/cf4f534401dc90dbe093ce1a094efb02e5fb7c90>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Add link to https://cyclonedx.org/ to README (``fc4b8e4` <https://github.com/CycloneDX/cyclonedx-python/commit/fc4b8e44bec39b175bb8994e0a59bc5076d1b2a6>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Add RTFD shield to README (``7fef6ee` <https://github.com/CycloneDX/cyclonedx-python/commit/7fef6eec5d553c7687e7b2d2af1ba4e330f16490>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

Fixed link to RTFD (``3a8669a` <https://github.com/CycloneDX/cyclonedx-python/commit/3a8669ad7ba4230d06d1e0965342a5a836a52d1f>`_)

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v3.1.0 (2022-03-10)

Bug Fixes

Sort imports (``fdec44b` <https://github.com/CycloneDX/cyclonedx-python/commit/fdec44bc111d7eb1add080a219dbc77744678f8a>`_)

Signed-off-by: Mostafa Moradian mostafamoradian0@gmail.com

Try to fix the temp file issue on Windows machines (``684d4f0` <https://github.com/CycloneDX/cyclonedx-python/commit/684d4f03ad6f8c0764dfaf8f3a38a09b91b69e5d>`_)

Signed-off-by: Mostafa Moradian mostafamoradian0@gmail.com

Documentation

Update RequirementsFileParser docs to include nested file support (``9e9021d` <https://github.com/CycloneDX/cyclonedx-python/commit/9e9021decb19d8262e87fe6955577c1bd1309d95>`_)

Signed-off-by: Mostafa Moradian mostafamoradian0@gmail.com

Features

Add pip-requirements-parser and update virtualenv to latest version (``73b2182` <https://github.com/CycloneDX/cyclonedx-python/commit/73b2182550d9635a0a5ab8e4f2226f37cf6b1b35>`_)

Signed-off-by: Mostafa Moradian mostafamoradian0@gmail.com

Add support for hashes, local packages and private repositories (``addc21a` <https://github.com/CycloneDX/cyclonedx-python/commit/addc21ae832f642298f665d426c576822038fb2f>`_)

v3.0.0 (2022-02-21)

Features

Added marker and classifiers to denote this as typed (#313, ``f317353` <https://github.com/CycloneDX/cyclonedx-python/commit/f317353bd7a24dbf4fb31642d766d94da609eb42>`_)

Signed-off-by: Paul Horton paul.horton@owasp.org

Bump to latest cyclonedx-python-lib (``5902fbf` <https://github.com/CycloneDX/cyclonedx-python/commit/5902fbf9dc5becdf7d92180242488e56b998d9de>`_)

BREAKING CHANGE: Default Schema Version has been replaced by notion of LATEST supported Schema: Version

Signed-off-by: Paul Horton paul.horton@owasp.org

Update to latest RC of cyclonedx-python-lib (``6c8b517` <https://github.com/CycloneDX/cyclonedx-python/commit/6c8b5173f07329b2086312d27af5d111f9b2c7ed>`_)

Signed-off-by: Paul Horton paul.horton@owasp.org

Update to latest RC of cyclonedx-python-lib (``bc8ee6b` <https://github.com/CycloneDX/cyclonedx-python/commit/bc8ee6bb115dd5214358430f64bd0581de5cb2e4>`_)

Signed-off-by: Paul Horton paul.horton@owasp.org

Breaking Changes

Default Schema Version has been replaced by notion of LATEST supported Schema Version

v2.0.3 (2022-02-03)

Bug Fixes

Docker image releae checkout ref w/o tags (#309, ``5d8b1e1` <https://github.com/CycloneDX/cyclonedx-python/commit/5d8b1e159c2ced59e810b9e9564e19a29fe263d0>`_)

fixes #308

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

v2.0.2 (2022-02-03)

Bug Fixes

Properly support reading from stdin (#307, ``23f31a0` <https://github.com/CycloneDX/cyclonedx-python/commit/23f31a03a4fbf888f396b88a9413c054358b2a3a>`_)
Adjust cli when reading from stdin.

Bind reading from stdin on specifying -i -. This is part of: ``argparse.FileType` <https://docs.python.org/3/library/argparse.html?highlight=pseudo-argument#argparse.FileType>`_.

Local tests under the following conditions:

implicit reading poetry.lock using args -p -o - * explicit reading poetry.lock using args -p -i poetry.lock -o - * explicit reading poetry.lock file after renaming using cat p.lock | python -m cyclonedx_py.client -p -i - -o -

Signed-off-by: Theodor van Nahl theo@van-nahl.org

v2.0.1 (2022-01-24)

Bug Fixes

Bump dependencies to get latest cyclonedx-python-lib (``87c3fe7` <https://github.com/CycloneDX/cyclonedx-python/commit/87c3fe7747cd8abd55ad5699bfc87ad9877c8132>`_)

Signed-off-by: Paul Horton paul.horton@owasp.org

v2.0.0 (2022-01-13)

Bug Fixes

Addressed flake8 issues (#294, ``7bb6d32` <https://github.com/CycloneDX/cyclonedx-python/commit/7bb6d328adec59cdd4c3ab80eb5f39568ca3bc9c>`_)
Corrected import (#294, ``7bb6d32` <https://github.com/CycloneDX/cyclonedx-python/commit/7bb6d328adec59cdd4c3ab80eb5f39568ca3bc9c>`_)

Signed-off-by: Paul Horton phorton@sonatype.com

Signed-off-by: Paul Horton paul.horton@owasp.org

Documentation

Readme maintenance - shields & links (#266, ``a34046f` <https://github.com/CycloneDX/cyclonedx-python/commit/a34046f9b4c96d013fdf2dbdac5e930aa9204e15>`_)
README: added typehint to the vode blocks

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

README: fixed fenced-code and lists
README: shields got modernixed and linked
README: harmonized links

Features

Add support for CycloneDX 1.4 specification (#294, ``7bb6d32` <https://github.com/CycloneDX/cyclonedx-python/commit/7bb6d328adec59cdd4c3ab80eb5f39568ca3bc9c>`_)
Add support for output to CycloneDX 1.4 (draft) (#294, ``7bb6d32` <https://github.com/CycloneDX/cyclonedx-python/commit/7bb6d328adec59cdd4c3ab80eb5f39568ca3bc9c>`_)
Breaking CHANGE - relocated concrete parsers (#299) (#294, ``7bb6d32` <https://github.com/CycloneDX/cyclonedx-python/commit/7bb6d328adec59cdd4c3ab80eb5f39568ca3bc9c>`_)
Breaking CHANGE - relocated concrete parsers from cyclonedx-python-lib (#294, ``7bb6d32` <https://github.com/CycloneDX/cyclonedx-python/commit/7bb6d328adec59cdd4c3ab80eb5f39568ca3bc9c>`_)

v1.5.3 (2021-11-23)

v1.5.2 (2021-11-23)

Bug Fixes

Corrected docker image build process to not rely on dist folder which is cleaned up by python-semantic-release (``6c65c11` <https://github.com/CycloneDX/cyclonedx-python/commit/6c65c11d439169417e2ef7e94cacb1ec216eb11c>`_)

Signed-off-by: Paul Horton phorton@sonatype.com

Revert to previous process for building Docker image as PyPi index update is too slow to pull straight away after publish (``67bb738` <https://github.com/CycloneDX/cyclonedx-python/commit/67bb738246bfe0ca3acd409d8c5a27fd7a305347>`_)

Signed-off-by: Paul Horton phorton@sonatype.com

v1.5.1 (2021-11-23)

Bug Fixes

Re-enable build and publish of Docker Image (#263, ``478360d` <https://github.com/CycloneDX/cyclonedx-python/commit/478360db0de269159ab6e3777cd291b87e2e1174>`_)
Update Dockerfile to use Python 3.10 (#263, ``478360d` <https://github.com/CycloneDX/cyclonedx-python/commit/478360db0de269159ab6e3777cd291b87e2e1174>`_)

Signed-off-by: Paul Horton phorton@sonatype.com

v1.5.0 (2021-11-17)

Features

Support for Python 3.10 (#261, ``f4f9ffe` <https://github.com/CycloneDX/cyclonedx-python/commit/f4f9ffe4b1e2d4fffe4ad0b274a067a20c9c372f>`_)
enabled py3.10 tests in CI

Signed-off-by: Jan Kowalleck jan.kowalleck@gmail.com

add py-version classifiers

v1.4.3 (2021-11-16)

Bug Fixes

Add static code analysis, better typing and bump cyclonedx-python-lib to 0.11 (``d5d9f56` <https://github.com/CycloneDX/cyclonedx-python/commit/d5d9f563f2ceb1bdfb2f9cb39ff07af9f0deca26>`_)

Signed-off-by: Paul Horton phorton@sonatype.com

v1.4.2 (2021-11-12)

Bug Fixes

If no input file is supplied and no input is provided on STDIN, we will now try to automatically locate (in the current working directory) a manifest with default name for the input type specified. This works for PIP (Pipfile.lock), Poetry (poetry.lock) and Requirements (requirements.txt) (``93f9e59` <https://github.com/CycloneDX/cyclonedx-python/commit/93f9e5985f0d0cecd865b66119276d33b2175fe9>`_)

Signed-off-by: Paul Horton phorton@sonatype.com

v1.4.1 (2021-10-26)

Bug Fixes

Corrected documentation after deprecation of -rf, -pf, --poetry-file, --requirements-file and --pip-file (``4c4c8d8` <https://github.com/CycloneDX/cyclonedx-python/commit/4c4c8d8d4756ebc953c26504052d5469f3c47cfa>`_)

v1.4.0 (2021-10-21)

Bug Fixes

Encoding issues on Windows (bump cyclonedx-python-lib to ^0.10.1) (``fe5df36` <https://github.com/CycloneDX/cyclonedx-python/commit/fe5df3607157b2f24854ef1f69457f163d79a093>`_)

Signed-off-by: Paul Horton phorton@sonatype.com

Encoding issues on Windows (bump cyclonedx-python-lib to ^0.10.2) (``da6772b` <https://github.com/CycloneDX/cyclonedx-python/commit/da6772be89ad923b1d8df6dd3b2a89c6e5805571>`_)

Signed-off-by: Paul Horton phorton@sonatype.com

Features

Add conda support (bump cyclonedx-python-lib to ^0.10.0) (``cb24275` <https://github.com/CycloneDX/cyclonedx-python/commit/cb24275f3e8716244de2b4ef0a046b879fa88ba5>`_)

Signed-off-by: Paul Horton phorton@sonatype.com

v1.3.1 (2021-10-19)

Bug Fixes

Bump to cyclonedx-python-lib to resolve issue #244 (``ebea3ef` <https://github.com/CycloneDX/cyclonedx-python/commit/ebea3ef47e917479a7474489bb274b5fa9704375>`_)

Signed-off-by: Paul Horton phorton@sonatype.com

v1.3.0 (2021-10-19)

Features

Add license information in CycloneDX BOM when using Environment as the source (``5d1f9a7` <https://github.com/CycloneDX/cyclonedx-python/commit/5d1f9a76cfa2bc1461a3dcf4c140d81876a37c40>`_)

Signed-off-by: Paul Horton phorton@sonatype.com

v1.2.0 (2021-10-12)

Features

Update to latest stable cyclonedx-python-lib (``6145bd5` <https://github.com/CycloneDX/cyclonedx-python/commit/6145bd52c450e66f42367e61e086d2a9d9818b47>`_)
Enables PipEnv support natively - Vast improvements to quality and information contained in the genereated CycloneDX BOM documents - see cyclonedx-python-lib for details - Various old files removes

Signed-off-by: Paul Horton phorton@sonatype.com

v1.1.0 (2021-10-04)

Features

Add support for generating SBOM from poetry.lock files (``bb4ac0f` <https://github.com/CycloneDX/cyclonedx-python/commit/bb4ac0f29b46db59b192191f65dfa40757268188>`_)

Signed-off-by: Paul Horton phorton@sonatype.com

v1.0.5 (2021-09-27)

Bug Fixes

Handle requirements.txt which contain dependencies without a version statement and warn that they cannot be included in the resulting CycloneDX BOM (``e637e56` <https://github.com/CycloneDX/cyclonedx-python/commit/e637e56cada6d841dae193c106647b0b03a4e776>`_)

Signed-off-by: Paul Horton phorton@sonatype.com