Pull requests are welcome. But please read the CycloneDX contributing guidelines first.


This project uses poetry. Have it installed and setup first.

To install dev-dependencies and tools:

poetry install

Code style

This project uses PEP8 Style Guide for Python Code.
This project loves sorted imports.
Get it all applied via:

poetry run isort .
poetry run autopep8 -ir cyclonedx_py/ tests/

This project prefers f'strings' over 'string'.format().
This project prefers 'single quotes' over "double quotes".
This project prefers lower_snake_case variable names.


This project uses Sphinx to generate documentation which is automatically published to RTFD.

Source for documentation is stored in the docs folder in RST format.

You can generate the documentation locally by running:

cd docs
pip install -r requirements.txt
make html


poetry run tox run

Sign off your commits

Please sign off your commits, to show that you agree to publish your changes under the current terms and licenses of the project , and to indicate agreement with Developer Certificate of Origin (DCO).

git commit --signoff ...