Examples

For Node

JavaScript

JavaScript as CommonJS

 1/*!
 2This file is part of CycloneDX JavaScript Library.
 3
 4Licensed under the Apache License, Version 2.0 (the "License");
 5you may not use this file except in compliance with the License.
 6You may obtain a copy of the License at
 7
 8   http://www.apache.org/licenses/LICENSE-2.0
 9
10Unless required by applicable law or agreed to in writing, software
11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
15
16SPDX-License-Identifier: Apache-2.0
17Copyright (c) OWASP Foundation. All Rights Reserved.
18*/
19
20/** Example how to serialize a Bom to JSON / XML. */
21
22const CDX = require('@cyclonedx/cyclonedx-library')
23// Full library is available as `CDX`, now.
24// Alternative for better tree-shaking on bundling, import only the needed symbols like so:
25//    const { Bom, Component } = require('@cyclonedx/cyclonedx-library/Models')
26//    const { ComponentType } = require('@cyclonedx/cyclonedx-library/Enums')
27
28const spdxExpressionParser = require('spdx-expression-parse')
29
30
// The license factory receives the SPDX expression parser it is to work with.
const lFac = new CDX.Contrib.License.Factories.LicenseFactory(spdxExpressionParser)

// The BOM and its root component, i.e. the application this document describes.
const bom = new CDX.Models.Bom()
const rootComponent = new CDX.Models.Component(CDX.Enums.ComponentType.Application, 'MyProject')
bom.metadata.component = rootComponent
rootComponent.licenses.add(lFac.makeFromString('MIT OR Apache-2.0'))

// A single library component that the application depends on.
const libComponent = new CDX.Models.Component(
  CDX.Enums.ComponentType.Library,
  'myComponentA',
  { group: 'acme', version: '1.33.7' }
)
libComponent.licenses.add(lFac.makeFromString('Apache-2.0'))
// The purl is assembled by plain interpolation, without percent-encoding.
// That is fine for these constants; segments that come from external data
// have to be encoded as the purl spec requires before they are joined.
const { group, name, version } = libComponent
libComponent.purl = `pkg:generic/${group}/${name}@${version}`

bom.components.add(libComponent)
// Dependency edge root -> library, expressed through the library's bom-ref.
rootComponent.dependencies.add(libComponent.bomRef)

// One spec version drives both the normalizers and the validators below.
const spec = CDX.Spec.Spec1dot7

const jsonNormalizers = new CDX.Serialize.JSON.Normalize.Factory(spec)
const jsonSerializer = new CDX.Serialize.JsonSerializer(jsonNormalizers)
const serializedJson = jsonSerializer.serialize(bom)
// Printed before validation has finished: stdout receives the document
// whatever the validator reports afterwards.
console.log(serializedJson)
const jsonValidator = new CDX.Validation.JsonStrictValidator(spec.version)
jsonValidator.validate(serializedJson)
  .then(validationErrors => {
    // `null` is the "no findings" result; anything else is reported as an error.
    if (validationErrors !== null) {
      throw new Error('JSON ValidationError:\n' + JSON.stringify(validationErrors))
    }
    console.info('JSON valid')
  })
  .catch(err => {
    if (!(err instanceof CDX.Validation.MissingOptionalDependencyError)) {
      // Re-thrown from the last handler of the chain, so nothing handles it
      // further: it ends as an unhandled rejection (fatal by default in Node.js 15+).
      throw err
    }
    // "Skipped" is not "valid": the document above went out unchecked.
    // A pipeline that publishes or signs the SBOM should treat this as a failure.
    console.info('JSON validation skipped:', err)
  })

const xmlNormalizers = new CDX.Serialize.XML.Normalize.Factory(spec)
const xmlSerializer = new CDX.Serialize.XmlSerializer(xmlNormalizers)
const serializedXML = xmlSerializer.serialize(bom)
// As with JSON, the XML is printed before its validation result is known.
console.log(serializedXML)
const xmlValidator = new CDX.Validation.XmlValidator(spec.version)
xmlValidator.validate(serializedXML)
  .then(validationErrors => {
    if (validationErrors !== null) {
      throw new Error('XML ValidationError:\n' + JSON.stringify(validationErrors))
    }
    console.info('XML valid')
  })
  .catch(err => {
    if (!(err instanceof CDX.Validation.MissingOptionalDependencyError)) {
      // Same as for JSON: no handler follows, so this rejection stays unhandled.
      throw err
    }
    // The XML document was not checked against the schema in this case.
    console.info('XML validation skipped:', err)
  })

JavaScript as ECMAScript module

 1/*!
 2This file is part of CycloneDX JavaScript Library.
 3
 4Licensed under the Apache License, Version 2.0 (the "License");
 5you may not use this file except in compliance with the License.
 6You may obtain a copy of the License at
 7
 8   http://www.apache.org/licenses/LICENSE-2.0
 9
10Unless required by applicable law or agreed to in writing, software
11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
15
16SPDX-License-Identifier: Apache-2.0
17Copyright (c) OWASP Foundation. All Rights Reserved.
18*/
19
20/** Example how to serialize a Bom to JSON / XML. */
21
22import * as CDX from '@cyclonedx/cyclonedx-library'
23// Full library is available as `CDX`, now.
24// Alternative for better tree-shaking on bundling, import only the needed symbols like so:
25//    import { Bom, Component } from '@cyclonedx/cyclonedx-library/Models'
26//    import { ComponentType } from '@cyclonedx/cyclonedx-library/Enums'
27
28import spdxExpressionParser from 'spdx-expression-parse'
29
30
// The license factory receives the SPDX expression parser it is to work with.
const lFac = new CDX.Contrib.License.Factories.LicenseFactory(spdxExpressionParser)

// The BOM and its root component, i.e. the application this document describes.
const bom = new CDX.Models.Bom()
const rootComponent = new CDX.Models.Component(CDX.Enums.ComponentType.Application, 'MyProject')
bom.metadata.component = rootComponent
rootComponent.licenses.add(lFac.makeFromString('MIT OR Apache-2.0'))

// A single library component that the application depends on.
const libComponent = new CDX.Models.Component(
  CDX.Enums.ComponentType.Library,
  'myComponentA',
  { group: 'acme', version: '1.33.7' }
)
libComponent.licenses.add(lFac.makeFromString('Apache-2.0'))
// The purl is assembled by plain interpolation, without percent-encoding.
// That is fine for these constants; segments that come from external data
// have to be encoded as the purl spec requires before they are joined.
const { group, name, version } = libComponent
libComponent.purl = `pkg:generic/${group}/${name}@${version}`

bom.components.add(libComponent)
// Dependency edge root -> library, expressed through the library's bom-ref.
rootComponent.dependencies.add(libComponent.bomRef)

// One spec version drives both the normalizers and the validators below.
const spec = CDX.Spec.Spec1dot7

const jsonNormalizers = new CDX.Serialize.JSON.Normalize.Factory(spec)
const jsonSerializer = new CDX.Serialize.JsonSerializer(jsonNormalizers)
const serializedJson = jsonSerializer.serialize(bom)
// Printed before validation has run: stdout receives the document
// whatever the validator reports afterwards.
console.log(serializedJson)
const jsonValidator = new CDX.Validation.JsonStrictValidator(spec.version)
try {
  // Top-level await: the XML part below starts only after this has settled.
  const validationErrors = await jsonValidator.validate(serializedJson)
  // `null` is the "no findings" result; anything else is reported as an error.
  if (validationErrors !== null) {
    throw new Error('JSON ValidationError:\n' + JSON.stringify(validationErrors))
  }
  console.info('JSON valid')
} catch (err) {
  if (!(err instanceof CDX.Validation.MissingOptionalDependencyError)) {
    // Propagates out of the module, so the XML part is never reached.
    throw err
  }
  // "Skipped" is not "valid": the document above went out unchecked.
  // A pipeline that publishes or signs the SBOM should treat this as a failure.
  console.info('JSON validation skipped:', err)
}

const xmlNormalizers = new CDX.Serialize.XML.Normalize.Factory(spec)
const xmlSerializer = new CDX.Serialize.XmlSerializer(xmlNormalizers)
const serializedXML = xmlSerializer.serialize(bom)
// As with JSON, the XML is printed before its validation result is known.
console.log(serializedXML)
const xmlValidator = new CDX.Validation.XmlValidator(spec.version)
try {
  const validationErrors = await xmlValidator.validate(serializedXML)
  if (validationErrors !== null) {
    throw new Error('XML ValidationError:\n' + JSON.stringify(validationErrors))
  }
  console.info('XML valid')
} catch (err) {
  if (!(err instanceof CDX.Validation.MissingOptionalDependencyError)) {
    throw err
  }
  // The XML document was not checked against the schema in this case.
  console.info('XML validation skipped:', err)
}

TypeScript

TypeScript for CommonJS

 1/*!
 2This file is part of CycloneDX JavaScript Library.
 3
 4Licensed under the Apache License, Version 2.0 (the "License");
 5you may not use this file except in compliance with the License.
 6You may obtain a copy of the License at
 7
 8   http://www.apache.org/licenses/LICENSE-2.0
 9
10Unless required by applicable law or agreed to in writing, software
11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
15
16SPDX-License-Identifier: Apache-2.0
17Copyright (c) OWASP Foundation. All Rights Reserved.
18*/
19
20/** Example how to serialize a Bom to JSON / XML. */
21
22import * as CDX from '@cyclonedx/cyclonedx-library'
23// Full library is available as `CDX`, now.
24// Alternative for better tree-shaking on bundling, import only the needed symbols like so:
25//    import { Bom, Component } from '@cyclonedx/cyclonedx-library/Models'
26//    import { ComponentType } from '@cyclonedx/cyclonedx-library/Enums'
27
28import * as spdxExpressionParser from 'spdx-expression-parse'
29
30
// The license factory receives the SPDX expression parser it is to work with.
const lFac = new CDX.Contrib.License.Factories.LicenseFactory(spdxExpressionParser)

// The BOM and its root component, i.e. the application this document describes.
const bom = new CDX.Models.Bom()
const rootComponent = new CDX.Models.Component(CDX.Enums.ComponentType.Application, 'MyProject')
bom.metadata.component = rootComponent
rootComponent.licenses.add(lFac.makeFromString('MIT OR Apache-2.0'))

// A single library component that the application depends on.
const libComponent = new CDX.Models.Component(
  CDX.Enums.ComponentType.Library,
  'myComponentA',
  { group: 'acme', version: '1.33.7' }
)
libComponent.licenses.add(lFac.makeFromString('Apache-2.0'))
// The purl is assembled by plain interpolation, without percent-encoding.
// That is fine for these constants; segments that come from external data
// have to be encoded as the purl spec requires before they are joined.
const { group, name, version } = libComponent
libComponent.purl = `pkg:generic/${group}/${name}@${version}`

bom.components.add(libComponent)
// Dependency edge root -> library, expressed through the library's bom-ref.
rootComponent.dependencies.add(libComponent.bomRef)

// One spec version drives both the normalizers and the validators below.
const spec = CDX.Spec.Spec1dot7

const jsonNormalizers = new CDX.Serialize.JSON.Normalize.Factory(spec)
const jsonSerializer = new CDX.Serialize.JsonSerializer(jsonNormalizers)
const serializedJson = jsonSerializer.serialize(bom)
// Printed before validation has finished: stdout receives the document
// whatever the validator reports afterwards.
console.log(serializedJson)
const jsonValidator = new CDX.Validation.JsonStrictValidator(spec.version)
jsonValidator.validate(serializedJson)
  .then(validationErrors => {
    // `null` is the "no findings" result; anything else is reported as an error.
    if (validationErrors !== null) {
      throw new Error('JSON ValidationError:\n' + JSON.stringify(validationErrors))
    }
    console.info('JSON valid')
  })
  .catch(err => {
    if (!(err instanceof CDX.Validation.MissingOptionalDependencyError)) {
      // Re-thrown from the last handler of the chain, so nothing handles it
      // further: it ends as an unhandled rejection (fatal by default in Node.js 15+).
      throw err
    }
    // "Skipped" is not "valid": the document above went out unchecked.
    // A pipeline that publishes or signs the SBOM should treat this as a failure.
    console.info('JSON validation skipped:', err)
  })

const xmlNormalizers = new CDX.Serialize.XML.Normalize.Factory(spec)
const xmlSerializer = new CDX.Serialize.XmlSerializer(xmlNormalizers)
const serializedXML = xmlSerializer.serialize(bom)
// As with JSON, the XML is printed before its validation result is known.
console.log(serializedXML)
const xmlValidator = new CDX.Validation.XmlValidator(spec.version)
xmlValidator.validate(serializedXML)
  .then(validationErrors => {
    if (validationErrors !== null) {
      throw new Error('XML ValidationError:\n' + JSON.stringify(validationErrors))
    }
    console.info('XML valid')
  })
  .catch(err => {
    if (!(err instanceof CDX.Validation.MissingOptionalDependencyError)) {
      // Same as for JSON: no handler follows, so this rejection stays unhandled.
      throw err
    }
    // The XML document was not checked against the schema in this case.
    console.info('XML validation skipped:', err)
  })

TypeScript for ECMAScript module

 1/*!
 2This file is part of CycloneDX JavaScript Library.
 3
 4Licensed under the Apache License, Version 2.0 (the "License");
 5you may not use this file except in compliance with the License.
 6You may obtain a copy of the License at
 7
 8   http://www.apache.org/licenses/LICENSE-2.0
 9
10Unless required by applicable law or agreed to in writing, software
11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
15
16SPDX-License-Identifier: Apache-2.0
17Copyright (c) OWASP Foundation. All Rights Reserved.
18*/
19
20/** Example how to serialize a Bom to JSON / XML. */
21
22import * as CDX from '@cyclonedx/cyclonedx-library'
23// Full library is available as `CDX`, now.
24// Alternative for better tree-shaking on bundling, import only the needed symbols like so:
25//    import { Bom, Component } from '@cyclonedx/cyclonedx-library/Models'
26//    import { ComponentType } from '@cyclonedx/cyclonedx-library/Enums'
27
28import spdxExpressionParser from 'spdx-expression-parse'
29
30
// The license factory receives the SPDX expression parser it is to work with.
const lFac = new CDX.Contrib.License.Factories.LicenseFactory(spdxExpressionParser)

// The BOM and its root component, i.e. the application this document describes.
const bom = new CDX.Models.Bom()
const rootComponent = new CDX.Models.Component(CDX.Enums.ComponentType.Application, 'MyProject')
bom.metadata.component = rootComponent
rootComponent.licenses.add(lFac.makeFromString('MIT OR Apache-2.0'))

// A single library component that the application depends on.
const libComponent = new CDX.Models.Component(
  CDX.Enums.ComponentType.Library,
  'myComponentA',
  { group: 'acme', version: '1.33.7' }
)
libComponent.licenses.add(lFac.makeFromString('Apache-2.0'))
// The purl is assembled by plain interpolation, without percent-encoding.
// That is fine for these constants; segments that come from external data
// have to be encoded as the purl spec requires before they are joined.
const { group, name, version } = libComponent
libComponent.purl = `pkg:generic/${group}/${name}@${version}`

bom.components.add(libComponent)
// Dependency edge root -> library, expressed through the library's bom-ref.
rootComponent.dependencies.add(libComponent.bomRef)

// One spec version drives both the normalizers and the validators below.
const spec = CDX.Spec.Spec1dot7

const jsonNormalizers = new CDX.Serialize.JSON.Normalize.Factory(spec)
const jsonSerializer = new CDX.Serialize.JsonSerializer(jsonNormalizers)
const serializedJson = jsonSerializer.serialize(bom)
// Printed before validation has run: stdout receives the document
// whatever the validator reports afterwards.
console.log(serializedJson)
const jsonValidator = new CDX.Validation.JsonStrictValidator(spec.version)
try {
  // Top-level await: the XML part below starts only after this has settled.
  /* eslint-disable-next-line @typescript-eslint/no-unsafe-assignment -- intended */
  const validationErrors = await jsonValidator.validate(serializedJson)
  // `null` is the "no findings" result; anything else is reported as an error.
  if (validationErrors !== null) {
    throw new Error('JSON ValidationError:\n' + JSON.stringify(validationErrors))
  }
  console.info('JSON valid')
} catch (err) {
  if (!(err instanceof CDX.Validation.MissingOptionalDependencyError)) {
    // Propagates out of the module, so the XML part is never reached.
    throw err
  }
  // "Skipped" is not "valid": the document above went out unchecked.
  // A pipeline that publishes or signs the SBOM should treat this as a failure.
  console.info('JSON validation skipped:', err)
}

const xmlNormalizers = new CDX.Serialize.XML.Normalize.Factory(spec)
const xmlSerializer = new CDX.Serialize.XmlSerializer(xmlNormalizers)
const serializedXML = xmlSerializer.serialize(bom)
// As with JSON, the XML is printed before its validation result is known.
console.log(serializedXML)
const xmlValidator = new CDX.Validation.XmlValidator(spec.version)
try {
  /* eslint-disable-next-line @typescript-eslint/no-unsafe-assignment -- intended */
  const validationErrors = await xmlValidator.validate(serializedXML)
  if (validationErrors !== null) {
    throw new Error('XML ValidationError:\n' + JSON.stringify(validationErrors))
  }
  console.info('XML valid')
} catch (err) {
  if (!(err instanceof CDX.Validation.MissingOptionalDependencyError)) {
    throw err
  }
  // The XML document was not checked against the schema in this case.
  console.info('XML validation skipped:', err)
}

For Web

With Parcel

 1/*!
 2This file is part of CycloneDX JavaScript Library.
 3
 4Licensed under the Apache License, Version 2.0 (the "License");
 5you may not use this file except in compliance with the License.
 6You may obtain a copy of the License at
 7
 8   http://www.apache.org/licenses/LICENSE-2.0
 9
10Unless required by applicable law or agreed to in writing, software
11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
15
16SPDX-License-Identifier: Apache-2.0
17Copyright (c) OWASP Foundation. All Rights Reserved.
18*/
19
20/** Example how to serialize a Bom to JSON / XML. */
21
22const CDX = require('@cyclonedx/cyclonedx-library')
23// full Library is available as `CDX`, now
24
25const spdxExpressionParser = require('spdx-expression-parse')
26
27
// The license factory receives the SPDX expression parser it is to work with.
const lFac = new CDX.Contrib.License.Factories.LicenseFactory(spdxExpressionParser)

// The BOM and its root component, i.e. the application this document describes.
const bom = new CDX.Models.Bom()
const rootComponent = new CDX.Models.Component(CDX.Enums.ComponentType.Application, 'MyProject')
bom.metadata.component = rootComponent
rootComponent.licenses.add(lFac.makeFromString('MIT OR Apache-2.0'))

// A single library component that the application depends on.
const libComponent = new CDX.Models.Component(
  CDX.Enums.ComponentType.Library,
  'myComponentA',
  { group: 'acme', version: '1.33.7' }
)
libComponent.licenses.add(lFac.makeFromString('Apache-2.0'))
// The purl is assembled by plain interpolation, without percent-encoding.
// That is fine for these constants; segments that come from external data
// have to be encoded as the purl spec requires before they are joined.
const { group, name, version } = libComponent
libComponent.purl = `pkg:generic/${group}/${name}@${version}`

bom.components.add(libComponent)
// Dependency edge root -> library, expressed through the library's bom-ref.
rootComponent.dependencies.add(libComponent.bomRef)

// Spec version handed to both normalizer factories.
const spec = CDX.Spec.Spec1dot7

// This listing only serializes: nothing below checks the output against the
// CycloneDX schema, so the printed documents are unvalidated as they stand.
const jsonNormalizers = new CDX.Serialize.JSON.Normalize.Factory(spec)
const jsonSerializer = new CDX.Serialize.JsonSerializer(jsonNormalizers)
const serializedJson = jsonSerializer.serialize(bom)
console.log(serializedJson)

const xmlNormalizers = new CDX.Serialize.XML.Normalize.Factory(spec)
const xmlSerializer = new CDX.Serialize.XmlSerializer(xmlNormalizers)
const serializedXML = xmlSerializer.serialize(bom)
console.log(serializedXML)

With webpack

 1/*!
 2This file is part of CycloneDX JavaScript Library.
 3
 4Licensed under the Apache License, Version 2.0 (the "License");
 5you may not use this file except in compliance with the License.
 6You may obtain a copy of the License at
 7
 8   http://www.apache.org/licenses/LICENSE-2.0
 9
10Unless required by applicable law or agreed to in writing, software
11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
15
16SPDX-License-Identifier: Apache-2.0
17Copyright (c) OWASP Foundation. All Rights Reserved.
18*/
19
20/** Example how to serialize a Bom to JSON / XML. */
21
22const CDX = require('@cyclonedx/cyclonedx-library')
23// full Library is available as `CDX`, now
24
25const spdxExpressionParser = require('spdx-expression-parse')
26
27
// The license factory receives the SPDX expression parser it is to work with.
const lFac = new CDX.Contrib.License.Factories.LicenseFactory(spdxExpressionParser)

// The BOM and its root component, i.e. the application this document describes.
const bom = new CDX.Models.Bom()
const rootComponent = new CDX.Models.Component(CDX.Enums.ComponentType.Application, 'MyProject')
bom.metadata.component = rootComponent
rootComponent.licenses.add(lFac.makeFromString('MIT OR Apache-2.0'))

// A single library component that the application depends on.
const libComponent = new CDX.Models.Component(
  CDX.Enums.ComponentType.Library,
  'myComponentA',
  { group: 'acme', version: '1.33.7' }
)
libComponent.licenses.add(lFac.makeFromString('Apache-2.0'))
// The purl is assembled by plain interpolation, without percent-encoding.
// That is fine for these constants; segments that come from external data
// have to be encoded as the purl spec requires before they are joined.
const { group, name, version } = libComponent
libComponent.purl = `pkg:generic/${group}/${name}@${version}`

bom.components.add(libComponent)
// Dependency edge root -> library, expressed through the library's bom-ref.
rootComponent.dependencies.add(libComponent.bomRef)

// Spec version handed to both normalizer factories.
const spec = CDX.Spec.Spec1dot7

// This listing only serializes: nothing below checks the output against the
// CycloneDX schema, so the printed documents are unvalidated as they stand.
const jsonNormalizers = new CDX.Serialize.JSON.Normalize.Factory(spec)
const jsonSerializer = new CDX.Serialize.JsonSerializer(jsonNormalizers)
const serializedJson = jsonSerializer.serialize(bom)
console.log(serializedJson)

const xmlNormalizers = new CDX.Serialize.XML.Normalize.Factory(spec)
const xmlSerializer = new CDX.Serialize.XmlSerializer(xmlNormalizers)
const serializedXML = xmlSerializer.serialize(bom)
console.log(serializedXML)