CycloneDX
diff --git a/‎cyclonedx/output/__init__.py
Lines changed: 47 additions & 5 deletions b/‎cyclonedx/output/__init__.py
Lines changed: 47 additions & 5 deletions
diff --git a/‎tests/_data/models.py
Lines changed: 87 additions & 65 deletions b/‎tests/_data/models.py
Lines changed: 87 additions & 65 deletions
diff --git a/‎tests/_data/snapshots/enum_Encoding-1.5.json.bin
Lines changed: 1 addition & 0 deletions b/‎tests/_data/snapshots/enum_Encoding-1.5.json.bin
Lines changed: 1 addition & 0 deletions
diff --git a/‎tests/_data/snapshots/enum_Encoding-1.5.xml.bin
Lines changed: 1 addition & 1 deletion b/‎tests/_data/snapshots/enum_Encoding-1.5.xml.bin
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/_data/snapshots/enum_Encoding-1.6.json.bin
Lines changed: 1 addition & 0 deletions b/‎tests/_data/snapshots/enum_Encoding-1.6.json.bin
Lines changed: 1 addition & 0 deletions
diff --git a/‎tests/_data/snapshots/enum_Encoding-1.6.xml.bin
Lines changed: 1 addition & 1 deletion b/‎tests/_data/snapshots/enum_Encoding-1.6.xml.bin
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/_data/snapshots/get_bom_just_complete_metadata-1.5.json.bin
Lines changed: 17 additions & 0 deletions b/‎tests/_data/snapshots/get_bom_just_complete_metadata-1.5.json.bin
Lines changed: 17 additions & 0 deletions
diff --git a/‎tests/_data/snapshots/get_bom_just_complete_metadata-1.5.xml.bin
Lines changed: 17 additions & 17 deletions b/‎tests/_data/snapshots/get_bom_just_complete_metadata-1.5.xml.bin
Lines changed: 17 additions & 17 deletions
@@ -33,6 +33,9 @@
 if TYPE_CHECKING:  # pragma: no cover
     from ..model.bom import Bom
     from ..model.bom_ref import BomRef
+    from ..model.contact import OrganizationalContact, OrganizationalEntity, PostalAddress
+    from ..model.definition import Level, Requirement, Standard
+    from ..model.license import License
     from .json import Json as JsonOutputter
     from .xml import Xml as XmlOutputter
 
@@ -170,8 +173,47 @@ def _make_unique(self) -> str:
 
     @classmethod
     def from_bom(cls, bom: 'Bom', prefix: str = 'BomRef') -> 'BomRefDiscriminator':
-        return cls(chain(
-            map(lambda c: c.bom_ref, bom._get_all_components()),
-            map(lambda s: s.bom_ref, bom.services),
-            map(lambda v: v.bom_ref, bom.vulnerabilities)
-        ), prefix)
+        """
+        Create an instance containing EVERY ``bom-ref`` in the bom.
+        """
+
+        components = tuple(bom._get_all_components())
+        services = tuple(bom.services)
+        vulnerabilities = tuple(bom.vulnerabilities)
+        orgs: tuple['OrganizationalEntity', ...] = tuple(filter(lambda o: o is not None, chain(  # type:ignore[arg-type]
+            (bom.metadata.manufacture, bom.metadata.manufacturer, bom.metadata.supplier),
+            chain.from_iterable((c.manufacturer, c.supplier,) for c in components),
+            (s.provider for s in services),
+            chain.from_iterable(v.credits.organizations for v in vulnerabilities if v.credits),
+        )))
+        contacts: Iterable['OrganizationalContact'] = chain(
+            bom.metadata.authors,
+            chain.from_iterable(c.authors for c in components),
+            chain.from_iterable(v.credits.individuals for v in vulnerabilities if v.credits),
+            chain.from_iterable(o.contacts for o in orgs),
+        )
+        addresses: Iterable['PostalAddress'] = (o.address for o in orgs if o.address is not None)
+        licenses: Iterable['License'] = chain(
+            bom.metadata.licenses,
+            chain.from_iterable(c.licenses for c in components),
+            chain.from_iterable(c.evidence.licenses for c in components if c.evidence is not None),
+            chain.from_iterable(s.licenses for s in services),
+        )
+        standards: tuple['Standard', ...] = () \
+            if bom.definitions is None \
+            else tuple(bom.definitions.standards)
+        requirements: Iterable['Requirement'] = chain.from_iterable(s.requirements for s in standards)
+        levels: Iterable['Level'] = chain.from_iterable(s.levels for s in standards)
+        relevant_bom_refs: Iterable['BomRef'] = (i.bom_ref for i in chain(
+            components,
+            services,
+            vulnerabilities,
+            orgs,
+            contacts,
+            addresses,
+            licenses,
+            standards,
+            requirements,
+            levels,
+        ))
+        return cls(relevant_bom_refs, prefix)
@@ -5,6 +5,7 @@
       "licenses": [
         {
           "license": {
+            "bom-ref": "dummy_license",
             "name": "att.encoding: BASE_64",
             "text": {
               "content": "att.encoding: BASE_64",
 
@@ -7,7 +7,7 @@
     <component type="library" bom-ref="dummy">
       <name>dummy</name>
       <licenses>
-        <license>
+        <license bom-ref="dummy_license">
           <name>att.encoding: BASE_64</name>
           <text content-type="text/plain" encoding="base64">att.encoding: BASE_64</text>
         </license>
 
@@ -5,6 +5,7 @@
       "licenses": [
         {
           "license": {
+            "bom-ref": "dummy_license",
             "name": "att.encoding: BASE_64",
             "text": {
               "content": "att.encoding: BASE_64",
 
@@ -7,7 +7,7 @@
     <component type="library" bom-ref="dummy">
       <name>dummy</name>
       <licenses>
-        <license>
+        <license bom-ref="dummy_license">
           <name>att.encoding: BASE_64</name>
           <text content-type="text/plain" encoding="base64">att.encoding: BASE_64</text>
         </license>
 
@@ -7,11 +7,13 @@
   "metadata": {
     "authors": [
       {
+        "bom-ref": "OrganizationalContact_ano_bom_authors",
         "email": "[email protected]",
         "name": "A N Other",
         "phone": "+44 (0)1234 567890"
       },
       {
+        "bom-ref": "OrganizationalContact_ph_bom_authors",
         "email": "[email protected]",
         "name": "Paul Horton"
       }
@@ -26,6 +28,7 @@
           "licenses": [
             {
               "license": {
+                "bom-ref": "pkg:pypi/[email protected]?extension=tar.gz_license",
                 "id": "MIT"
               }
             }
@@ -91,6 +94,7 @@
       "licenses": [
         {
           "license": {
+            "bom-ref": "my-specific-bom-ref-for-dings_license",
             "id": "MIT"
           }
         }
@@ -104,6 +108,7 @@
             "licenses": [
               {
                 "license": {
+                  "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291_license",
                   "id": "MIT"
                 }
               }
@@ -119,6 +124,7 @@
             "licenses": [
               {
                 "license": {
+                  "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a_license",
                   "id": "MIT"
                 }
               }
@@ -141,6 +147,7 @@
             "licenses": [
               {
                 "license": {
+                  "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc_license",
                   "id": "MIT"
                 }
               }
@@ -197,6 +204,7 @@
             "licenses": [
               {
                 "license": {
+                  "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958_license",
                   "id": "MIT"
                 }
               }
@@ -307,13 +315,16 @@
       },
       "scope": "required",
       "supplier": {
+        "bom-ref": "OrganizationalEntity_cdx_my-specific-bom-ref-for-dings",
         "contact": [
           {
+            "bom-ref": "OrganizationalContact_ano_my-specific-bom-ref-for-dings",
             "email": "[email protected]",
             "name": "A N Other",
             "phone": "+44 (0)1234 567890"
           },
           {
+            "bom-ref": "OrganizationalContact_ph_my-specific-bom-ref-for-dings",
             "email": "[email protected]",
             "name": "Paul Horton"
           }
@@ -340,6 +351,7 @@
     "licenses": [
       {
         "license": {
+          "bom-ref": "bom_license",
           "id": "Apache-2.0",
           "text": {
             "content": "VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=",
@@ -356,13 +368,16 @@
       }
     ],
     "manufacture": {
+      "bom-ref": "OrganizationalEntity_cdx_bom_manufacture",
       "contact": [
         {
+          "bom-ref": "OrganizationalContact_ano_bom_manufacture",
           "email": "[email protected]",
           "name": "A N Other",
           "phone": "+44 (0)1234 567890"
         },
         {
+          "bom-ref": "OrganizationalContact_ph_bom_manufacture",
           "email": "[email protected]",
           "name": "Paul Horton"
         }
@@ -384,8 +399,10 @@
       }
     ],
     "supplier": {
+      "bom-ref": "OrganizationalEntity_cd_x_bom_supplier",
       "contact": [
         {
+          "bom-ref": "OrganizationalContact_ano_bom_supplier",
           "email": "[email protected]",
           "name": "A N Other",
           "phone": "+44 (0)1234 567890"
 
@@ -8,27 +8,27 @@
       </lifecycle>
     </lifecycles>
     <authors>
-      <author>
+      <author bom-ref="OrganizationalContact_ano_bom_authors">
         <name>A N Other</name>
         <email>[email protected]</email>
         <phone>+44 (0)1234 567890</phone>
       </author>
-      <author>
+      <author bom-ref="OrganizationalContact_ph_bom_authors">
         <name>Paul Horton</name>
         <email>[email protected]</email>
       </author>
     </authors>
     <component type="library" bom-ref="my-specific-bom-ref-for-dings">
-      <supplier>
+      <supplier bom-ref="OrganizationalEntity_cdx_my-specific-bom-ref-for-dings">
         <name>CycloneDX</name>
         <url>https://cyclonedx.org</url>
         <url>https://cyclonedx.org/docs</url>
-        <contact>
+        <contact bom-ref="OrganizationalContact_ano_my-specific-bom-ref-for-dings">
           <name>A N Other</name>
           <email>[email protected]</email>
           <phone>+44 (0)1234 567890</phone>
         </contact>
-        <contact>
+        <contact bom-ref="OrganizationalContact_ph_my-specific-bom-ref-for-dings">
           <name>Paul Horton</name>
           <email>[email protected]</email>
         </contact>
@@ -40,7 +40,7 @@
       <description>This component is awesome</description>
       <scope>required</scope>
       <licenses>
-        <license>
+        <license bom-ref="my-specific-bom-ref-for-dings_license">
           <id>MIT</id>
         </license>
       </licenses>
@@ -57,7 +57,7 @@
             <name>setuptools</name>
             <version>50.3.2</version>
             <licenses>
-              <license>
+              <license bom-ref="ccc8d7ee-4b9c-4750-aee0-a72585152291_license">
                 <id>MIT</id>
               </license>
             </licenses>
@@ -67,7 +67,7 @@
             <author>Test Author</author>
             <name>setuptools</name>
             <licenses>
-              <license>
+              <license bom-ref="8a3893b3-9923-4adb-a1d3-47456636ba0a_license">
                 <id>MIT</id>
               </license>
             </licenses>
@@ -79,7 +79,7 @@
             <author>Test Author</author>
             <name>setuptools</name>
             <licenses>
-              <license>
+              <license bom-ref="28b2d8ce-def0-446f-a221-58dee0b44acc_license">
                 <id>MIT</id>
               </license>
             </licenses>
@@ -109,7 +109,7 @@
             <name>setuptools</name>
             <version>50.3.2</version>
             <licenses>
-              <license>
+              <license bom-ref="ded1d73e-1fca-4302-b520-f1bc53979958_license">
                 <id>MIT</id>
               </license>
             </licenses>
@@ -168,7 +168,7 @@
           <name>setuptools</name>
           <version>50.3.2</version>
           <licenses>
-            <license>
+            <license bom-ref="pkg:pypi/[email protected]?extension=tar.gz_license">
               <id>MIT</id>
             </license>
           </licenses>
@@ -243,31 +243,31 @@
         </properties>
       </releaseNotes>
     </component>
-    <manufacture>
+    <manufacture bom-ref="OrganizationalEntity_cdx_bom_manufacture">
       <name>CycloneDX</name>
       <url>https://cyclonedx.org</url>
       <url>https://cyclonedx.org/docs</url>
-      <contact>
+      <contact bom-ref="OrganizationalContact_ano_bom_manufacture">
         <name>A N Other</name>
         <email>[email protected]</email>
         <phone>+44 (0)1234 567890</phone>
       </contact>
-      <contact>
+      <contact bom-ref="OrganizationalContact_ph_bom_manufacture">
         <name>Paul Horton</name>
         <email>[email protected]</email>
       </contact>
     </manufacture>
-    <supplier>
+    <supplier bom-ref="OrganizationalEntity_cd_x_bom_supplier">
       <name>Cyclone DX</name>
       <url>https://cyclonedx.org/</url>
-      <contact>
+      <contact bom-ref="OrganizationalContact_ano_bom_supplier">
         <name>A N Other</name>
         <email>[email protected]</email>
         <phone>+44 (0)1234 567890</phone>
       </contact>
     </supplier>
     <licenses>
-      <license>
+      <license bom-ref="bom_license">
         <id>Apache-2.0</id>
         <text content-type="text/plain" encoding="base64">VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=</text>
         <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@`
`5`	`5`	`"licenses": [`
`6`	`6`	`{`
`7`	`7`	`"license": {`
	`8`	`+ "bom-ref": "dummy_license",`
`8`	`9`	`"name": "att.encoding: BASE_64",`
`9`	`10`	`"text": {`
`10`	`11`	`"content": "att.encoding: BASE_64",`
Original file line number	Diff line number	Diff line change
`@@ -7,11 +7,13 @@`
`7`	`7`	`"metadata": {`
`8`	`8`	`"authors": [`
`9`	`9`	`{`
	`10`	`+ "bom-ref": "OrganizationalContact_ano_bom_authors",`
`10`	`11`	`"email": "[email protected]",`
`11`	`12`	`"name": "A N Other",`
`12`	`13`	`"phone": "+44 (0)1234 567890"`
`13`	`14`	`},`
`14`	`15`	`{`
	`16`	`+ "bom-ref": "OrganizationalContact_ph_bom_authors",`
`15`	`17`	`"email": "[email protected]",`
`16`	`18`	`"name": "Paul Horton"`
`17`	`19`	`}`
`@@ -26,6 +28,7 @@`
`26`	`28`	`"licenses": [`
`27`	`29`	`{`
`28`	`30`	`"license": {`
	`31`	`+ "bom-ref": "pkg:pypi/[email protected]?extension=tar.gz_license",`
`29`	`32`	`"id": "MIT"`
`30`	`33`	`}`
`31`	`34`	`}`
`@@ -91,6 +94,7 @@`
`91`	`94`	`"licenses": [`
`92`	`95`	`{`
`93`	`96`	`"license": {`
	`97`	`+ "bom-ref": "my-specific-bom-ref-for-dings_license",`
`94`	`98`	`"id": "MIT"`
`95`	`99`	`}`
`96`	`100`	`}`
`@@ -104,6 +108,7 @@`
`104`	`108`	`"licenses": [`
`105`	`109`	`{`
`106`	`110`	`"license": {`
	`111`	`+ "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291_license",`
`107`	`112`	`"id": "MIT"`
`108`	`113`	`}`
`109`	`114`	`}`
`@@ -119,6 +124,7 @@`
`119`	`124`	`"licenses": [`
`120`	`125`	`{`
`121`	`126`	`"license": {`
	`127`	`+ "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a_license",`
`122`	`128`	`"id": "MIT"`
`123`	`129`	`}`
`124`	`130`	`}`
`@@ -141,6 +147,7 @@`
`141`	`147`	`"licenses": [`
`142`	`148`	`{`
`143`	`149`	`"license": {`
	`150`	`+ "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc_license",`
`144`	`151`	`"id": "MIT"`
`145`	`152`	`}`
`146`	`153`	`}`
`@@ -197,6 +204,7 @@`
`197`	`204`	`"licenses": [`
`198`	`205`	`{`
`199`	`206`	`"license": {`
	`207`	`+ "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958_license",`
`200`	`208`	`"id": "MIT"`
`201`	`209`	`}`
`202`	`210`	`}`
`@@ -307,13 +315,16 @@`
`307`	`315`	`},`
`308`	`316`	`"scope": "required",`
`309`	`317`	`"supplier": {`
	`318`	`+ "bom-ref": "OrganizationalEntity_cdx_my-specific-bom-ref-for-dings",`
`310`	`319`	`"contact": [`
`311`	`320`	`{`
	`321`	`+ "bom-ref": "OrganizationalContact_ano_my-specific-bom-ref-for-dings",`
`312`	`322`	`"email": "[email protected]",`
`313`	`323`	`"name": "A N Other",`
`314`	`324`	`"phone": "+44 (0)1234 567890"`
`315`	`325`	`},`
`316`	`326`	`{`
	`327`	`+ "bom-ref": "OrganizationalContact_ph_my-specific-bom-ref-for-dings",`
`317`	`328`	`"email": "[email protected]",`
`318`	`329`	`"name": "Paul Horton"`
`319`	`330`	`}`
`@@ -340,6 +351,7 @@`
`340`	`351`	`"licenses": [`
`341`	`352`	`{`
`342`	`353`	`"license": {`
	`354`	`+ "bom-ref": "bom_license",`
`343`	`355`	`"id": "Apache-2.0",`
`344`	`356`	`"text": {`
`345`	`357`	`"content": "VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=",`
`@@ -356,13 +368,16 @@`
`356`	`368`	`}`
`357`	`369`	`],`
`358`	`370`	`"manufacture": {`
	`371`	`+ "bom-ref": "OrganizationalEntity_cdx_bom_manufacture",`
`359`	`372`	`"contact": [`
`360`	`373`	`{`
	`374`	`+ "bom-ref": "OrganizationalContact_ano_bom_manufacture",`
`361`	`375`	`"email": "[email protected]",`
`362`	`376`	`"name": "A N Other",`
`363`	`377`	`"phone": "+44 (0)1234 567890"`
`364`	`378`	`},`
`365`	`379`	`{`
	`380`	`+ "bom-ref": "OrganizationalContact_ph_bom_manufacture",`
`366`	`381`	`"email": "[email protected]",`
`367`	`382`	`"name": "Paul Horton"`
`368`	`383`	`}`
`@@ -384,8 +399,10 @@`
`384`	`399`	`}`
`385`	`400`	`],`
`386`	`401`	`"supplier": {`
	`402`	`+ "bom-ref": "OrganizationalEntity_cd_x_bom_supplier",`
`387`	`403`	`"contact": [`
`388`	`404`	`{`
	`405`	`+ "bom-ref": "OrganizationalContact_ano_bom_supplier",`
`389`	`406`	`"email": "[email protected]",`
`390`	`407`	`"name": "A N Other",`
`391`	`408`	`"phone": "+44 (0)1234 567890"`