cyclonedx.model.license

License related things

Attributes

`LicenseExpressionAcknowledgement`	Deprecated — Alias for `LicenseAcknowledgement`
`License`	TypeAlias for a union of supported license models.

Classes

`LicenseAcknowledgement`	This is our internal representation of the type_licenseAcknowledgementEnumerationType ENUM type
`LicenseType`	This is our internal representation of the licenseTypeEnumeration ENUM type
`LicenseEntity`	This is our internal representation of the licensor/licensee/purchaser type
`Licensing`	This is our internal representation of the licensingType complex type
`DisjunctiveLicense`	This is our internal representation of licenseType complex type that can be used in multiple places within
`LicenseExpression`	This is our internal representation of licenseType's expression type that can be used in multiple places within
`LicenseRepository`	Collection of `License`.

Module Contents

class cyclonedx.model.license.LicenseAcknowledgement

Bases: str, enum.Enum

This is our internal representation of the type_licenseAcknowledgementEnumerationType ENUM type within the CycloneDX standard.

Note

Introduced in CycloneDX v1.6

Note

See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.7/xml/#type_licenseAcknowledgementEnumerationType

CONCLUDED = 'concluded'

DECLARED = 'declared'

cyclonedx.model.license.LicenseExpressionAcknowledgement: Deprecated — Alias for LicenseAcknowledgement

Deprecated since version next: Import LicenseAcknowledgement instead. The exported original symbol itself is NOT deprecated - only this import path.

class cyclonedx.model.license.LicenseType

Bases: str, enum.Enum

This is our internal representation of the licenseTypeEnumeration ENUM type within the CycloneDX standard.

Note

Introduced in CycloneDX v1.5

Note

See the CycloneDX Schema: https://cyclonedx.org/docs/1.7/json/#metadata_tools_oneOf_i0_components_items_licenses_items_oneOf_i0_license_licensing_licenseTypes

ACADEMIC = 'academic'

APPLIANCE = 'appliance'

CLIENT_ACCESS = 'client-access'

CONCURRENT_USER = 'concurrent-user'

CORE_POINTS = 'core-points'

CUSTOM_METRIC = 'custom-metric'

DEVICE = 'device'

EVALUATION = 'evaluation'

NAMED_USER = 'named-user'

NODE_LOCKED = 'node-locked'

OEM = 'oem'

PERPETUAL = 'perpetual'

PROCESSOR_POINTS = 'processor-points'

SUBSCRIPTION = 'subscription'

USER = 'user'

OTHER = 'other'

class cyclonedx.model.license.LicenseEntity(*, organization: cyclonedx.model.contact.OrganizationalEntity | None = None, individual: cyclonedx.model.contact.OrganizationalContact | None = None)

This is our internal representation of the licensor/licensee/purchaser type within the CycloneDX standard.

Exactly one of organization or individual MUST be provided.

Note

Introduced in CycloneDX v1.5

Note

See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/json/#metadata_tools_oneOf_i0_components_items_licenses_items_oneOf_i0_license_licensing_licensor

property organization: cyclonedx.model.contact.OrganizationalEntity | None

The organization.

Returns:: OrganizationalEntity or None

property individual: cyclonedx.model.contact.OrganizationalContact | None

The individual.

Returns:: OrganizationalContact or None

class cyclonedx.model.license.Licensing(*, alt_ids: collections.abc.Iterable[str] | None = None, licensor: LicenseEntity | None = None, licensee: LicenseEntity | None = None, purchaser: LicenseEntity | None = None, purchase_order: str | None = None, license_types: collections.abc.Iterable[LicenseType] | None = None, last_renewal: datetime.datetime | None = None, expiration: datetime.datetime | None = None)

This is our internal representation of the licensingType complex type within the CycloneDX standard.

Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata.

Note

Introduced in CycloneDX v1.5

Note

See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/json/#metadata_tools_oneOf_i0_components_items_licenses_items_oneOf_i0_license_licensing

property alt_ids: SortedSet[str]

License identifiers that may be used to manage licenses and their lifecycle.

Returns:: SortedSet[str]

property licensor: LicenseEntity | None

The individual or organization that grants a license to another individual or organization.

Returns:: LicenseEntity or None

property licensee: LicenseEntity | None

The individual or organization for which a license was granted to.

Returns:: LicenseEntity or None

property purchaser: LicenseEntity | None

The individual or organization that purchased the license.

Returns:: LicenseEntity or None

property purchase_order: str | None

The purchase order identifier the purchaser sent to a supplier or vendor to authorize a purchase.

Returns:: str or None

property license_types: SortedSet[LicenseType]

The type of license(s) that was granted to the licensee.

Returns:: SortedSet[LicenseType]

property last_renewal: datetime.datetime | None

The timestamp indicating when the license was last renewed. For new purchases, this is often the purchase or acquisition date. For non-perpetual licenses or subscriptions, this is the timestamp of when the license was last renewed.

Returns:: datetime or None

property expiration: datetime.datetime | None

The timestamp indicating when the current license expires (if applicable).

Returns:: datetime or None

class cyclonedx.model.license.DisjunctiveLicense(*, bom_ref: str | cyclonedx.model.bom_ref.BomRef | None = None, id: str | None = None, name: str | None = None, text: cyclonedx.model.AttachedText | None = None, url: cyclonedx.model.XsUri | None = None, licensing: Licensing | None = None, acknowledgement: LicenseAcknowledgement | None = None, properties: collections.abc.Iterable[cyclonedx.model.Property] | None = None)

This is our internal representation of licenseType complex type that can be used in multiple places within a CycloneDX BOM document.

Note

See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_licenseType

property bom_ref: cyclonedx.model.bom_ref.BomRef

An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.

Returns:: BomRef

property id: str | None

A SPDX license ID.

Note

See the list of expected values: https://cyclonedx.org/docs/1.7/json/#components_items_licenses_items_license_id

Returns:: str or None

property name: str | None

If SPDX does not define the license used, this field may be used to provide the license name.

Returns:: str or None

property text: cyclonedx.model.AttachedText | None

Specifies the optional full text of the attachment

Returns:: AttachedText else None

property url: cyclonedx.model.XsUri | None

The URL to the attachment file. If the attachment is a license or BOM, an externalReference should also be specified for completeness.

Returns:: XsUri or None

property licensing: Licensing | None

Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata.

Returns:: Licensing or None

property properties: SortedSet[Property]

Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions.

Return:: Set of Property

property acknowledgement: LicenseAcknowledgement | None

Declared licenses and concluded licenses represent two different stages in the licensing process within software development.

Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project’s codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in evidence.licenses. Observed licenses form the evidence necessary to substantiate a concluded license.

Returns:: LicenseAcknowledgement or None

class cyclonedx.model.license.LicenseExpression(value: str, *, bom_ref: str | cyclonedx.model.bom_ref.BomRef | None = None, acknowledgement: LicenseAcknowledgement | None = None)

This is our internal representation of licenseType’s expression type that can be used in multiple places within a CycloneDX BOM document.

Note

See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/json/#components_items_licenses_items_expression

property bom_ref: cyclonedx.model.bom_ref.BomRef

An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.

Returns:: BomRef

property value: str

Value of this LicenseExpression.

Returns:: str

property acknowledgement: LicenseAcknowledgement | None

Declared licenses and concluded licenses represent two different stages in the licensing process within software development.

Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project’s codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in evidence.licenses. Observed licenses form the evidence necessary to substantiate a concluded license.

Returns:: LicenseAcknowledgement or None

cyclonedx.model.license.License

TypeAlias for a union of supported license models.

LicenseExpression
DisjunctiveLicense

class cyclonedx.model.license.LicenseRepository

Bases: sortedcontainers.SortedSet[License]

Collection of License.

This is a set, not a list. Order MUST NOT matter here. If you wanted a certain order, then you should also express whether the items are concat by AND or OR. If you wanted to do so, you should use LicenseExpression.

As a model, this MUST accept multiple LicenseExpression along with multiple DisjunctiveLicense, as this was an accepted in CycloneDX JSON before v1.5. So for modeling purposes, this is supported. Denormalizers/deserializers will be thankful. The normalization/serialization process SHOULD take care of these facts and do what is needed.