Struct serde_cyclonedx::cyclonedx::v_1_4::CycloneDx
source · pub struct CycloneDx {Show 13 fields
pub schema: Option<String>,
pub bom_format: String,
pub components: Option<Vec<Component>>,
pub compositions: Option<Vec<Compositions>>,
pub dependencies: Option<Vec<Dependency>>,
pub external_references: Option<Vec<ExternalReference>>,
pub metadata: Option<Metadata>,
pub serial_number: Option<String>,
pub services: Option<Vec<Service>>,
pub signature: Option<String>,
pub spec_version: String,
pub version: i64,
pub vulnerabilities: Option<Vec<Vulnerability>>,
}
Fields§
§schema: Option<String>
§bom_format: String
Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention nor does JSON schema support namespaces. This value MUST be “CycloneDX”.
components: Option<Vec<Component>>
A list of software and hardware components.
compositions: Option<Vec<Compositions>>
Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness.
dependencies: Option<Vec<Dependency>>
Provides the ability to document dependency relationships.
external_references: Option<Vec<ExternalReference>>
External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM.
metadata: Option<Metadata>
Provides additional information about a BOM.
serial_number: Option<String>
Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not changed over time. If specified, the serial number MUST conform to RFC-4122. Use of serial numbers are RECOMMENDED.
services: Option<Vec<Service>>
A list of services. This may include microservices, function-as-a-service, and other types of network or intra-process services.
signature: Option<String>
Enveloped signature in JSON Signature Format (JSF).
spec_version: String
The version of the CycloneDX specification a BOM conforms to (starting at version 1.2).
version: i64
Whenever an existing BOM is modified, either manually or through automated processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with multiple BOMs with identical serial numbers, the system SHOULD use the most recent version of the BOM. The default version is ‘1’.
vulnerabilities: Option<Vec<Vulnerability>>
Vulnerabilities identified in components or services.