doc: updated documentation with Conda support (and missed updates for externalReferences)

Signed-off-by: Paul Horton <[email protected]>

Author: madpah

README.md

@@ -49,6 +49,8 @@ You can use one of the parsers to obtain information about your project or envir
 
 | Parser | Class / Import | Description |
 | ------- | ------ | ------ |
+| CondaListJsonParser | `from cyclonedx.parser.conda import CondaListJsonParser` | Parses input provided as a `str` that is output from `conda list --json` |
+| CondaListExplicitParser | `from cyclonedx.parser.conda import CondaListExplicitParser` | Parses input provided as a `str` that is output from `conda list --explicit` or `conda list --explicit --md5` |
 | Environment | `from cyclonedx.parser.environment import EnvironmentParser` | Looks at the packaged installed in your current Python environment. |
 | PipEnvParser | `from cyclonedx.parser.pipenv import PipEnvParser` | Parses `Pipfile.lock` content passed in as a string. |
 | PipEnvFileParser | `from cyclonedx.parser.pipenv import PipEnvFileParser` | Parses the `Pipfile.lock` file at the supplied path. |
@@ -194,6 +196,11 @@ _Note: We refer throughout using XPath, but the same is true for both XML and JS
          <td>Y</td><td>Y</td><td>Y</td><td>Y</td>
          <td>&nbsp;</td>
       </tr>
+      <tr>
+         <td><code>./externalReferences</code></td>
+         <td>Y</td><td>Y</td><td>Y</td><td>N/A</td>
+         <td>Not all Parsers have this information. It will be populated where there is information available.</td>
+      </tr>
       <tr>
          <td><code>./hashes</code></td>
          <td>Y</td><td>Y</td><td>Y</td><td>Y</td>

cyclonedx/parser/__init__.py

@@ -24,28 +24,28 @@
 information is obtained by each set of Parsers. It does NOT guarantee the information is output in the resulting
 CycloneDX BOM document.
 
-| Data Path | Environment | Pipenv | Poetry | Requirements |
+| Data Path | Conda | Environment | Pipenv | Poetry | Requirements |
 | ----------- | ----------- | ----------- | ----------- | ----------- |
-| `component.supplier` | N (if in package METADATA) | N/A | | |
-| `component.author` | Y (if in package METADATA) | N/A | | |
-| `component.publisher` | N (if in package METADATA) | N/A | | |
-| `component.group` | - | - | - | - |
-| `component.name` | Y | Y | Y | Y |
-| `component.version` | Y | Y | Y | Y |
-| `component.description` | N | N/A | N | N/A |
-| `component.scope` | N | N/A | N | N/A |
-| `component.hashes` | N/A | Y - see below (1) | Y - see below (1) | N/A |
-| `component.licenses` | Y (if in package METADATA) | N/A | N/A | N/A |
-| `component.copyright` | N (if in package METADATA) | N/A | N/A | N/A |
-| `component.cpe` | _Deprecated_ | _Deprecated_ | _Deprecated_ | _Deprecated_ |
-| `component.purl` | Y | Y | Y | Y |
-| `component.swid` | N/A | N/A | N/A | N/A |
-| `component.modified` | _Deprecated_ | _Deprecated_ | _Deprecated_ | _Deprecated_ |
-| `component.pedigree` | N/A | N/A | N/A | N/A |
-| `component.externalReferences` | N/A | Y - see below (1) | Y - see below (1) | N/A |
-| `component.properties` | N/A | N/A | N/A | N/A |
-| `component.components` | N/A | N/A | N/A | N/A |
-| `component.evidence` | N/A | N/A | N/A | N/A |
+| `component.supplier` | N | N (if in package METADATA) | N/A | | |
+| `component.author` | N | Y (if in package METADATA) | N/A | | |
+| `component.publisher` | N | N (if in package METADATA) | N/A | | |
+| `component.group` | - | - | - | - | - |
+| `component.name` | Y |Y | Y | Y | Y |
+| `component.version` | Y |Y | Y | Y | Y |
+| `component.description` | N |N | N/A | N | N/A |
+| `component.scope` | N |N | N/A | N | N/A |
+| `component.hashes` | Y - see below (2) | N/A | Y - see below (1) | Y - see below (1) | N/A |
+| `component.licenses` | N | Y (if in package METADATA) | N/A | N/A | N/A |
+| `component.copyright` | N |N (if in package METADATA) | N/A | N/A | N/A |
+| `component.cpe` | _Deprecated_ |_Deprecated_ | _Deprecated_ | _Deprecated_ | _Deprecated_ |
+| `component.purl` | Y |Y | Y | Y | Y |
+| `component.swid` | N/A |N/A | N/A | N/A | N/A |
+| `component.modified` | _Deprecated_ |_Deprecated_ | _Deprecated_ | _Deprecated_ | _Deprecated_ |
+| `component.pedigree` | N/A |N/A | N/A | N/A | N/A |
+| `component.externalReferences` | Y - see below (3) | N/A | Y - see below (1) | Y - see below (1) | N/A |
+| `component.properties` | N/A | N/A | N/A | N/A | N/A |
+| `component.components` | N/A | N/A | N/A | N/A | N/A |
+| `component.evidence` | N/A | N/A | N/A | N/A | N/A |
 
 **Legend:**
 
@@ -61,6 +61,9 @@
     supports only a single set of hashes identifying a single artefact at `component.hashes`. To cater for this
     situation in Python, we add the hashes to `component.externalReferences`, as we cannot determine which package was
     actually obtained and installed to meet a given dependency.
+2. MD5 hashses are available when using the `CondaListExplicitParser` with output from the conda command
+    `conda list --explicit --md5` only.
+3. For Conda, we provide a link to the registry as provided in the Conda output.
 
 """