-
|
How to add project python version to bom.xml? |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 2 replies
-
|
Not sure I understand the question. Do you want to include the Python version used for runtime or compiling in the bom as another component? If so, there isn't a direct way to do this, however, the CycloneDX spec was intentionally designed to be simplistic to account for the dynamic addition of runtime and environmental dependencies not part of the build itself. In this case, you could simply create an XML fragment with the Python component information and use one of the many XML CLI utilities to append the fragment in the components node. The Node version does something similar where it can optionally merge multiple boms together. |
Beta Was this translation helpful? Give feedback.
-
|
Closing this due to inactivity. |
Beta Was this translation helpful? Give feedback.
-
|
Can I ask why there's no direct way to include the runtime Python version in the SBOM? I would have naively thought that it's an important dependency, too. |
Beta Was this translation helpful? Give feedback.
-
|
it is, please create an issue for that to request the feature. |
Beta Was this translation helpful? Give feedback.
-
|
I wrote up something short. I don't think it's fully complete especially wrt edge cases, but it should provide a decent starting point: #597 |
Beta Was this translation helpful? Give feedback.
I wrote up something short. I don't think it's fully complete especially wrt edge cases, but it should provide a decent starting point: #597