CycloneDX’s Python Library documentation

OWASP CycloneDX is a system‑transparency standard providing full‑stack Bills of Materials (BOMs) and advanced supply‑chain insights throughout the entire product lifecycle.

This Python package provides data models, validators and more, to help you create/render/read CycloneDX documents.

This package is not designed for standalone use. It is a software library.

As of version 3.0.0 of this library, the internal data model was adjusted to allow CycloneDX VEX documents to be produced as per official examples linking VEX to a separate CycloneDX document.

If you’re looking for a CycloneDX tool to run to generate (SBOM) software bill-of-materials documents, why not checkout CycloneDX Python or Jake.

Contents:

• Responsibilities
• Capabilities
• Installation
  • Extras
• Architecture
  • Modelling
  • Schema Support
  • Outputting
• Examples
  • Complex Serialize
  • Complex Deserialize
  • Complex Validation
• Contributing
  • Setup
  • Code style
  • Documentation
  • Testing
  • Sign off your commits
  • Pre-commit hooks
• Support
  • Python Version Support
• Changelog
  • CHANGELOG
• Upgrading to v8
  • Add this library to Metadata Tools
  • Import model Tool
  • Alter Metadata Tools
  • Alter Vulnerability Tools
  • Set LicenseExpression Acknowledgement
• API Reference
  • cyclonedx