From 1467b212ee1a7b9ea72486d6e893ce7b76c61ffe Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 23 Sep 2024 14:45:43 +0200 Subject: [PATCH 1/6] docs: migrate to v8.0.0 Signed-off-by: Jan Kowalleck --- docs/upgrading.rst | 16 ++++++++++++++++ examples/complex_serialize.py | 3 +++ 2 files changed, 19 insertions(+) create mode 100644 docs/upgrading.rst diff --git a/docs/upgrading.rst b/docs/upgrading.rst new file mode 100644 index 00000000..d2af6680 --- /dev/null +++ b/docs/upgrading.rst @@ -0,0 +1,16 @@ +Upgrading to v8 +=============== + +Version 8 is not backwards compatible. Some behaviours and integrations changed. +This document covers all breaking changes and should give guidance how to migrate from previous versions. + +This document is not a full :doc:`change log `, but a migration path. + +____ + +Downstream users SHOULD add the following to their BOM build processes, to keep track of used libraries for potential troubleshooting: + +```py + + +``` diff --git a/examples/complex_serialize.py b/examples/complex_serialize.py index 477e7ee5..6448a2a7 100644 --- a/examples/complex_serialize.py +++ b/examples/complex_serialize.py @@ -20,6 +20,7 @@ from packageurl import PackageURL +from cyclonedx.builder.this import this_component as cdx_lib_component from cyclonedx.exception import MissingOptionalDependencyException from cyclonedx.factory.license import LicenseFactory from cyclonedx.model import XsUri @@ -43,6 +44,8 @@ # region build the BOM bom = Bom() +bom.metadata.tools.components.add(cdx_lib_component()) + bom.metadata.component = root_component = Component( name='myApp', type=ComponentType.APPLICATION, From 1006a99aaf46e122340141ea765dac2bcb1b9d00 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 23 Sep 2024 15:22:37 +0200 Subject: [PATCH 2/6] docs: migrate to v8.0.0 Signed-off-by: Jan Kowalleck --- docs/upgrading.rst | 51 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 47 insertions(+), 4 deletions(-) 
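Review bot: The added `bom.metadata.tools.components.add(cdx_lib_component())` line in the second hunk of examples/complex_serialize.py has no comment, so a reader copying the example cannot tell that the call is now required rather than optional decoration. The upgrading document in this same patch states that the library no longer adds itself to the metadata, so I would put a comment above the call such as `# the library no longer registers itself in metadata.tools; add it explicitly so the BOM records which library built it`. Recording the generator is presumably what lets a consumer trace an SBOM back to the library that produced it, so the example should present this as the recommended default. The script body continues outside the hunk.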
diff --git a/docs/upgrading.rst b/docs/upgrading.rst
index d2af6680..d8b69d0e 100644
--- a/docs/upgrading.rst
+++ b/docs/upgrading.rst
@@ -6,11 +6,54 @@ This document covers all breaking changes and should give guidance how to migrat This document is not a full :doc:`change log `, but a migration path. -____ +Add this library to Metadata Tools +---------------------------------- -Downstream users SHOULD add the following to their BOM build processes, to keep track of used libraries for potential troubleshooting: +This library no longer adds itself to the metadata. -```py +Downstream users SHOULD add the following to their BOM build processes, +to keep track of used libraries during the build process. +.. code-block:: python -``` + from cyclonedx.builder.this import this_component as cdx_lib_component + from cyclonedx.model.bom import Bom + + bom = Bom() + bom.metadata.tools.components.add(cdx_lib_component()) + +Import model `Tool` +------------------- + +Class `cyclonedx.model.Tool` was moved to :class:`cyclonedx.model.tool.Tool`. +Therefore, the imports need to be altered: + +Old: ``from cyclonedx.model import Tool`` + +New: ``from cyclonedx.model.tool import Tool`` + +Altering Metadata Tools +----------------------- + +:prop:`cyclonedx.mode.bom.BomMetaData.tool` is an instance of :class:`cyclonedx.model.tool.ToolsRepository`, now. +Therefore, the process of adding new tools was changed. + +Old: ``my_bom.metadata.tools.add(my_tool)`` + +New: ``my_bom.metadata.tools.tools.add(my_tool)`` + +Altering Metadata Tools +----------------------- + +:prop:`cyclonedx.mode.vulnerability.Vulnerability.tools` is an instance of :class:`cyclonedx.model.tool.ToolsRepository`, now. +Therefore, the process of adding new tools was changed. + +Old: ``my_vulnerability.tools.add(my_tool)`` + +New: ``my_vulnerability.tools.tools.add(my_tool)`` + +:class:`cyclonedx.model.license.LicenseExpression()` no longer accepts optional arguments in a positional way, but in a key-word way. + +Old: ``LicenseExpression(my_exp, my_acknowledgement)`` + +New: ``LicenseExpression(my_exp, acknowledgement=my_acknowledgement)`` 
From f351a2d89f516f0d7ee0d4e3daf8e86994b897d5 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 23 Sep 2024 15:35:25 +0200 Subject: [PATCH 3/6] docs: migrate to v8.0.0 Signed-off-by: Jan Kowalleck --- docs/index.rst | 1 + docs/upgrading.rst | 11 +++++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/docs/index.rst b/docs/index.rst index 84bd1126..787ce717 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -47,3 +47,4 @@ If you're looking for a CycloneDX tool to run to generate (SBOM) software bill-o contributing support changelog + upgrading diff --git a/docs/upgrading.rst b/docs/upgrading.rst index d8b69d0e..7205dfcb 100644 --- a/docs/upgrading.rst +++ b/docs/upgrading.rst @@ -22,8 +22,8 @@ to keep track of used libraries during the build process. bom = Bom() bom.metadata.tools.components.add(cdx_lib_component()) -Import model `Tool` -------------------- +Import model Tool +----------------- Class `cyclonedx.model.Tool` was moved to :class:`cyclonedx.model.tool.Tool`. Therefore, the imports need to be altered: @@ -35,7 +35,7 @@ New: ``from cyclonedx.model.tool import Tool`` Altering Metadata Tools ----------------------- -:prop:`cyclonedx.mode.bom.BomMetaData.tool` is an instance of :class:`cyclonedx.model.tool.ToolsRepository`, now. +Property :attr:`cyclonedx.model.bom.BomMetaData.tools` is an instance of :class:`cyclonedx.model.tool.ToolsRepository`, now. Therefore, the process of adding new tools was changed. Old: ``my_bom.metadata.tools.add(my_tool)`` 
@@ -45,13 +45,16 @@ New: ``my_bom.metadata.tools.tools.add(my_tool)`` Altering Metadata Tools ----------------------- -:prop:`cyclonedx.mode.vulnerability.Vulnerability.tools` is an instance of :class:`cyclonedx.model.tool.ToolsRepository`, now. +Property :attr:`cyclonedx.model.vulnerability.Vulnerability.tools` is an instance of :class:`cyclonedx.model.tool.ToolsRepository`, now. Therefore, the process of adding new tools was changed. Old: ``my_vulnerability.tools.add(my_tool)`` New: ``my_vulnerability.tools.tools.add(my_tool)`` +Setting LicenseExpression Acknowledgement +----------------------------------------- + :class:`cyclonedx.model.license.LicenseExpression()` no longer accepts optional arguments in a positional way, but in a key-word way. Old: ``LicenseExpression(my_exp, my_acknowledgement)`` From 87404f9ecb114c675666f65cdb5219c1842e5bb9 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 23 Sep 2024 15:37:24 +0200 Subject: [PATCH 4/6] docs: migrate to v8.0.0 Signed-off-by: Jan Kowalleck --- docs/upgrading.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/upgrading.rst b/docs/upgrading.rst index 7205dfcb..2a14e5a2 100644 --- a/docs/upgrading.rst +++ b/docs/upgrading.rst @@ -42,8 +42,8 @@ Old: ``my_bom.metadata.tools.add(my_tool)`` New: ``my_bom.metadata.tools.tools.add(my_tool)`` -Altering Metadata Tools ------------------------ +Altering Vulnerability Tools +---------------------------- Property :attr:`cyclonedx.model.vulnerability.Vulnerability.tools` is an instance of :class:`cyclonedx.model.tool.ToolsRepository`, now. Therefore, the process of adding new tools was changed. From d8c58b35da879ab3a665153f085f71067a270bff Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 23 Sep 2024 15:38:00 +0200 Subject: [PATCH 5/6] docs: migrate to v8.0.0 Signed-off-by: Jan Kowalleck --- docs/upgrading.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/docs/upgrading.rst b/docs/upgrading.rst index 2a14e5a2..f56fca11 100644 --- a/docs/upgrading.rst +++ b/docs/upgrading.rst @@ -32,8 +32,8 @@ Old: ``from cyclonedx.model import Tool`` New: ``from cyclonedx.model.tool import Tool`` -Altering Metadata Tools ------------------------ +Alter Metadata Tools +-------------------- Property :attr:`cyclonedx.model.bom.BomMetaData.tools` is an instance of :class:`cyclonedx.model.tool.ToolsRepository`, now. Therefore, the process of adding new tools was changed. @@ -42,8 +42,8 @@ Old: ``my_bom.metadata.tools.add(my_tool)`` New: ``my_bom.metadata.tools.tools.add(my_tool)`` -Altering Vulnerability Tools ----------------------------- +Alter Vulnerability Tools +------------------------- Property :attr:`cyclonedx.model.vulnerability.Vulnerability.tools` is an instance of :class:`cyclonedx.model.tool.ToolsRepository`, now. Therefore, the process of adding new tools was changed. @@ -52,8 +52,8 @@ Old: ``my_vulnerability.tools.add(my_tool)`` New: ``my_vulnerability.tools.tools.add(my_tool)`` -Setting LicenseExpression Acknowledgement ------------------------------------------ +Set LicenseExpression Acknowledgement +------------------------------------- :class:`cyclonedx.model.license.LicenseExpression()` no longer accepts optional arguments in a positional way, but in a key-word way. From 4cd56ac7b69d5724c2df8f7abf68b56dc66d147f Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 23 Sep 2024 15:44:52 +0200 Subject: [PATCH 6/6] docs: migrate to v8.0.0 Signed-off-by: Jan Kowalleck --- docs/upgrading.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/upgrading.rst b/docs/upgrading.rst index f56fca11..6f9e8cff 100644 --- a/docs/upgrading.rst +++ b/docs/upgrading.rst 
@@ -26,7 +26,7 @@ Import model Tool ----------------- Class `cyclonedx.model.Tool` was moved to :class:`cyclonedx.model.tool.Tool`. -Therefore, the imports need to be altered: +Therefore, the imports need to be migrated: Old: ``from cyclonedx.model import Tool`` @@ -36,7 +36,7 @@ Alter Metadata Tools -------------------- Property :attr:`cyclonedx.model.bom.BomMetaData.tools` is an instance of :class:`cyclonedx.model.tool.ToolsRepository`, now. -Therefore, the process of adding new tools was changed. +Therefore, the process of adding new tools needs to be migrated changed. Old: ``my_bom.metadata.tools.add(my_tool)`` @@ -46,7 +46,7 @@ Alter Vulnerability Tools ------------------------- Property :attr:`cyclonedx.model.vulnerability.Vulnerability.tools` is an instance of :class:`cyclonedx.model.tool.ToolsRepository`, now. -Therefore, the process of adding new tools was changed. +Therefore, the process of adding new tools needs to be migrated changed. Old: ``my_vulnerability.tools.add(my_tool)``