# `SBoM.CycloneDX`
[🔗](https://github.com/erlef/mix_sbom/blob/v0.10.0/lib/sbom/cyclonedx.ex#L5)

SBoM CycloneDX encoding and decoding.

# `bom_opts`

```elixir
@type bom_opts() :: [
  starting_bom: t(),
  serial: String.t(),
  version: String.t(),
  only: [atom()],
  targets: [atom()],
  classification: classification(),
  system_dependencies: boolean()
]
```

# `classification`

```elixir
@type classification() ::
  SBoM.CycloneDX.V13.Classification.t()
  | SBoM.CycloneDX.V14.Classification.t()
  | SBoM.CycloneDX.V15.Classification.t()
  | SBoM.CycloneDX.V16.Classification.t()
  | SBoM.CycloneDX.V17.Classification.t()
```

# `format`

```elixir
@type format() :: :protobuf | :json | :xml
```

# `schema_version`

```elixir
@type schema_version() :: String.t()
```

# `t`

```elixir
@type t() ::
  SBoM.CycloneDX.V13.Bom.t()
  | SBoM.CycloneDX.V14.Bom.t()
  | SBoM.CycloneDX.V15.Bom.t()
  | SBoM.CycloneDX.V16.Bom.t()
  | SBoM.CycloneDX.V17.Bom.t()
```

# `bom`

```elixir
@spec bom(bom_opts()) :: t()
```

Generate a BOM for the current Mix project and its dependencies.

# `canonicalize_bom`

```elixir
@spec canonicalize_bom(t()) :: t()
```

Canonicalize a BOM for comparison by removing volatile fields that change
between generations but don't indicate actual content changes.

Removes: serial_number, version, and timestamp from metadata.

# `decode`

```elixir
@spec decode(String.t(), :json) :: t()
```

Decode a BOM

# `empty`

```elixir
@spec empty(schema_version()) :: t()
```

Create an empty BOM structure for the given schema version.

# `encode`

```elixir
@spec encode(t(), format(), boolean()) :: iodata()
```

Encode a BOM

# `equivalent?`

```elixir
@spec equivalent?(t(), t()) :: boolean()
```

Compare two BOMs for equivalence.

First compares directly. If not equal, canonicalizes both BOMs by removing
volatile fields (serial_number, version, timestamp) and compares again.

---

*Consult [api-reference.md](api-reference.md) for complete listing*