Summary

@type bom_opts() :: [
  starting_bom: t(),
  serial: String.t(),
  version: String.t(),
  only: [atom()],
  targets: [atom()],
  classification: classification(),
  system_dependencies: boolean()
]

classification()

@type classification() ::
  SBoM.CycloneDX.V13.Classification.t()
  | SBoM.CycloneDX.V14.Classification.t()
  | SBoM.CycloneDX.V15.Classification.t()
  | SBoM.CycloneDX.V16.Classification.t()
  | SBoM.CycloneDX.V17.Classification.t()

format()

@type format() :: :protobuf | :json | :xml

schema_version()

@type schema_version() :: String.t()

t()

@type t() ::
  SBoM.CycloneDX.V13.Bom.t()
  | SBoM.CycloneDX.V14.Bom.t()
  | SBoM.CycloneDX.V15.Bom.t()
  | SBoM.CycloneDX.V16.Bom.t()
  | SBoM.CycloneDX.V17.Bom.t()

Functions

bom(opts \\ [])

@spec bom(bom_opts()) :: t()

Generate a BOM for the current Mix project and its dependencies.

canonicalize_bom(bom)

@spec canonicalize_bom(t()) :: t()

Canonicalize a BOM for comparison by removing volatile fields that change between generations but don't indicate actual content changes.

Removes: serial_number, version, and timestamp from metadata.

decode(data, format)

@spec decode(String.t(), :json) :: t()

Decode a BOM

empty(version \\ "1.7")

@spec empty(schema_version()) :: t()

Create an empty BOM structure for the given schema version.

encode(bom, type, pretty \\ false)

@spec encode(t(), format(), boolean()) :: iodata()

Encode a BOM

equivalent?(bom1, bom2)

@spec equivalent?(t(), t()) :: boolean()

Compare two BOMs for equivalence.

First compares directly. If not equal, canonicalizes both BOMs by removing volatile fields (serial_number, version, timestamp) and compares again.

SBoM.CycloneDX (SBoM v0.9.1)

Summary

Types

Functions

Types

bom_opts()

classification()

format()

schema_version()

t()

Functions

bom(opts \\ [])

canonicalize_bom(bom)

decode(data, format)

empty(version \\ "1.7")

encode(bom, type, pretty \\ false)

equivalent?(bom1, bom2)