diff --git a/README.md b/README.md
index ebcc010..1bfa537 100644
--- a/README.md
+++ b/README.md
@@ -6,8 +6,10 @@ A Python library for creating and consuming documents in [standard-bom format](https://sbom.siemens.io/latest/format.html).
-This library is mainly a wrapper for the official
-[cyclonedx-python-lib](https://github.com/CycloneDX/cyclonedx-python-lib/) library.
+"Standard BOM" is our Siemens-internal SBOM format based on the [Siemens CycloneDX Property Taxonomy](https://github.com/siemens/cyclonedx-property-taxonomy), which is 100% compatible with the CycloneDX.
+
+Every Standard BOM document is a 100% CycloneDX document, so both CycloneDX and Standard BOM formats are supported both
+for reading and writing SBOMs with this library.
 ## Installation
@@ -120,8 +122,8 @@ component.licenses = licenses
 In order to build this library on your local PC, and/or contribute to this library, mind the following prerequisites:
-- [Python](https://www.python.org/doc/versions/) > v3.10 - ideally > v3.12
-- [Poetry](https://python-poetry.org/) > v1.8.0
+- [Python](https://www.python.org/doc/versions/) >=3.10, <4.0
+- [Poetry](https://python-poetry.org/) >= v2.0
 --- Once you have those prerequisites you can perform following development tasks locally:
diff --git a/siemens_standard_bom/model.py b/siemens_standard_bom/model.py
index d7a5353..de3f894 100644
--- a/siemens_standard_bom/model.py
+++ b/siemens_standard_bom/model.py
@@ -596,7 +596,7 @@ def _set_supplier_if_missing(self) -> None:
 if not self.bom.metadata.supplier:
 self.bom.metadata.supplier = OrganizationalEntity(name='Siemens or its Affiliates')
- def _set_metadata_property(self, property_name: str, value: str) -> None:
+ def _set_metadata_property(self, property_name: str, value: Optional[str | None]) -> None:
 existing = next(filter(lambda p: p.name == property_name, self.bom.metadata.properties), None)
 if existing:
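Review bot: `Optional[str | None]` on the new `_set_metadata_property` signature is a redundant annotation, because `Optional[X]` already means `X | None`; `value: Optional[str]` says the same thing and matches the `-> Optional[str]` return type of the `profile` getter in this file. The `profile` setter in the `@@ -666,7` hunk repeats the same spelling and should get the same change. The body of `_set_metadata_property` continues past the end of this hunk, so what happens to an existing property when `None` is passed (removed, or kept with an empty value) cannot be seen here; a one-line docstring stating that behaviour would help, since it decides whether the written SBOM carries the property at all. None of the test hunks in this commit assign `None` to `profile`, so a small test pinning that case would be worth adding alongside the signature change.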
@@ -666,7 +666,7 @@ def profile(self) -> Optional[str]:
 return self._get_metadata_property(PROPERTY_PROFILE)
 @profile.setter
- def profile(self, value: str) -> None:
+ def profile(self, value: Optional[str | None]) -> None:
 self._set_metadata_property(PROPERTY_PROFILE, value)
 @property
diff --git a/tests/test_model_sbom_component.py b/tests/test_model_sbom_component.py
index 4953b12..deee045 100644
--- a/tests/test_model_sbom_component.py
+++ b/tests/test_model_sbom_component.py
@@ -58,7 +58,10 @@ def test_property_setters(self) -> None:
 self.assertEqual("42.42", component.version)
 component.purl = PackageURL(type="generic", name="foo.zip")
- self.assertEqual("foo.zip", component.purl.name)
+ if component.purl is not None:
+ self.assertEqual("foo.zip", component.purl.name)
+ else:
+ self.fail("component.purl should not be None")
 component.add_author(OrganizationalContact(name="Lex Luthor"))
 self.assertEqual("Lex Luthor", component.authors[0].name)
@@ -93,16 +96,16 @@ def test_direct_dependency(self) -> None:
 component = SbomComponent(Component(name="test"))
 self.assertFalse(component.direct_dependency)
- component.direct_dependency = "true" # type: ignore[assignment]
+ component.direct_dependency = "true"
 self.assertTrue(component.direct_dependency)
- component.direct_dependency = "True" # type: ignore[assignment]
+ component.direct_dependency = "True"
 self.assertTrue(component.direct_dependency)
- component.direct_dependency = "False" # type: ignore[assignment]
+ component.direct_dependency = "False"
 self.assertFalse(component.direct_dependency)
- component.direct_dependency = "something" # type: ignore[assignment]
+ component.direct_dependency = "something"
 self.assertFalse(component.direct_dependency)
 def test_internal(self) -> None:
diff --git a/tests/test_v3_parser_write.py b/tests/test_v3_parser_write.py
index 838bfe7..b305d09 100644
--- a/tests/test_v3_parser_write.py
+++ b/tests/test_v3_parser_write.py
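Review bot: The `if`/`else` with `self.fail(...)` added around the `purl` assertion in `test_property_setters` reads the property twice and spends four lines on what is presumably type narrowing for the checker. Binding the value once is flatter and narrows equally well: `purl = component.purl`, then `assert purl is not None`, then `self.assertEqual("foo.zip", purl.name)`. A single read also keeps the test from depending on two successive `component.purl` accesses returning the same object. The test method starts and ends outside this hunk.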
@@ -152,7 +152,7 @@ def test_write_with_set_licenses(self) -> None:
 ))
 licenses = [LicenseExpression("MIT")]
- comp.licenses = licenses # type: ignore[assignment] # this is a mypy issue
+ comp.licenses = licenses
 sbom.add_component(comp)
 StandardBomParser.save(sbom, output_filename, with_dependencies=False)