
cyclonedx-bom

The CycloneDX library provides JSON and XML serialization and deserialization of Software Bill-of-Materials (SBOM) files.

CycloneDX is a lightweight SBOM specification that is easily created, human and machine readable, and simple to parse.

The library is intended to enable developers to:

Usage

Read and validate an SBOM

```rust
use cyclonedx_bom::prelude::*;

// A minimal CycloneDX 1.3 document: format marker, spec version,
// RFC 4122 serial number and document version.
let bom_json = r#"{
  "bomFormat": "CycloneDX",
  "specVersion": "1.3",
  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
  "version": 1
}"#;
let bom = Bom::parse_from_json_v1_3(bom_json.as_bytes()).expect("Failed to parse BOM");

// Parsing only checks the shape; validate() applies the spec's constraints.
let validation_result = bom.validate().expect("Failed to validate BOM");
assert_eq!(validation_result, ValidationResult::Passed);
```

Create and output an SBOM

```rust
use cyclonedx_bom::prelude::*;
use cyclonedx_bom::models::{
    tool::{Tool, Tools},
};

// Build the BOM in memory; UrnUuid::new rejects serial numbers that are
// not of the form urn:uuid:<UUID>.
let bom = Bom {
    serial_number: Some(
        UrnUuid::new("urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79".to_string())
            .expect("Failed to create UrnUuid"),
    ),
    metadata: Some(Metadata {
        tools: Some(Tools(vec![Tool {
            name: Some(NormalizedString::new("my_tool")),
            ..Tool::default()
        }])),
        ..Metadata::default()
    }),
    ..Bom::default()
};

let mut output = Vec::<u8>::new();

bom.output_as_json_v1_3(&mut output)
    .expect("Failed to write BOM");
let output = String::from_utf8(output).expect("Failed to read output as a string");
assert_eq!(
    output,
    r#"{
  "bomFormat": "CycloneDX",
  "specVersion": "1.3",
  "version": 1,
  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
  "metadata": {
    "tools": [
      {
        "name": "my_tool"
      }
    ]
  }
}"#
);
```
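The kind of structural checks that the `bom.validate()` call above stands for, as an added standalone Python example (not the crate's code; the crate's exact rules differ): it takes the same JSON shown in both sections, including the `metadata.tools` entry the output example produces, and reports every problem instead of trusting the document. The `validate_bom` helper and its error strings are constructed for this example.

```python
from __future__ import annotations
import json
import re
import uuid

# Constructed sample: the README's minimal CycloneDX 1.3 document plus the
# metadata.tools entry that the "Create and output" example emits.
SAMPLE_BOM = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.3",
  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
  "version": 1,
  "metadata": {"tools": [{"name": "my_tool"}]}
}"""
URN_UUID = re.compile(r"^urn:uuid:([0-9a-fA-F-]{36})$")


def validate_bom(raw: bytes | str) -> list[str]:
    """Return the list of validation failures; an empty list means Passed.

    Checks: the document is a JSON object, bomFormat/specVersion identify a
    CycloneDX 1.3 BOM, serialNumber (if present) is urn:uuid:<RFC 4122 UUID>,
    version is a positive integer, and every metadata.tools entry has a name.
    """
    try:
        doc = json.loads(raw)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["top-level value must be a JSON object"]
    errors: list[str] = []
    if doc.get("bomFormat") != "CycloneDX":
        errors.append("bomFormat must be 'CycloneDX'")
    if doc.get("specVersion") != "1.3":
        errors.append("specVersion must be '1.3' for a v1.3 consumer")
    serial = doc.get("serialNumber")
    if serial is not None:
        match = URN_UUID.match(serial) if isinstance(serial, str) else None
        try:
            uuid.UUID(match.group(1) if match else "")  # raises on bad UUID
        except ValueError:
            errors.append("serialNumber must be urn:uuid:<RFC 4122 UUID>")
    version = doc.get("version")
    if isinstance(version, bool) or not isinstance(version, int) or version < 1:
        errors.append("version must be a positive integer")
    meta = doc.get("metadata")
    tools = meta.get("tools") or [] if isinstance(meta, dict) else []
    for i, tool in enumerate(tools):
        if not isinstance(tool, dict) or not tool.get("name"):
            errors.append(f"metadata.tools[{i}] must have a name")
    return errors
```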

Copyright & License

CycloneDX Rust Cargo is Copyright (c) OWASP Foundation. All Rights Reserved.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the [LICENSE] file for the full license.