# Standard BOM for Python
A Python library for creating and consuming documents in
[standard-bom format](https://sbom.siemens.io/latest/format.html).
"Standard BOM" is our Siemens-internal SBOM format based on
the [Siemens CycloneDX Property Taxonomy](https://github.com/siemens/cyclonedx-property-taxonomy), which is 100% compatible with
CycloneDX.
Every Standard BOM document is a 100% CycloneDX document, so this library supports both the CycloneDX and Standard BOM
formats for reading and writing SBOMs.
## Installation
To install the library, run the following command ...
... for pip:
```shell
pip install siemens-standard-bom
```
... for Poetry:
```shell
poetry add siemens-standard-bom
```
The library provides Standard BOM parser and serializer classes. The parser class is used to read a Standard BOM from a file, and the
serializer class is used to write a Standard BOM to a file.
> 💡 **Hint:**
> This library provides strict type checking using [mypy](https://mypy.readthedocs.io/en/stable/).
> Using [mypy with strict type checks](https://mypy.readthedocs.io/en/stable/existing_code.html#introduce-stricter-options) in your own
> codebase is recommended to ensure type safety.
## Read a Standard BOM from a JSON file
```python
from siemens_standard_bom.parser import StandardBomParser
bom = StandardBomParser.parse("sbom.cdx.json")
```
## Write a Standard BOM to a JSON file
```python
from siemens_standard_bom.parser import StandardBomParser
bom = ...  # a StandardBom instance, e.g. the result of StandardBomParser.parse()
StandardBomParser.save(bom, "sbom.cdx.json")
```
If you'd like to skip the `.dependencies` field in the output file, you can use the following code:
```python
from siemens_standard_bom.parser import StandardBomParser
bom = ...  # a StandardBom instance, e.g. the result of StandardBomParser.parse()
StandardBomParser.save(bom, "sbom.cdx.json", with_dependencies=False)
```
This will save the Standard BOM to the file without the `.dependencies` field, which is `prohibited` in the
[`external` profile](https://sbom.siemens.io/v3/profiles.html).
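A release gate for the rule above, as an added example that is not part of this library or its documentation: it works on the raw CycloneDX JSON with the standard library only, checks the single `external` profile rule named on this page, and flags dependency entries that point at no component before the graph is dropped. The sample document and all function names are constructed for illustration.

```python
import copy
import json

# Constructed sample: a minimal CycloneDX JSON document, not taken from the project.
SAMPLE = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.6",
  "metadata": {"component": {"type": "application", "name": "app", "bom-ref": "app"}},
  "components": [
    {"type": "library", "name": "lib-a", "version": "1.2.3", "bom-ref": "lib-a",
     "components": [{"type": "library", "name": "vendored", "bom-ref": "vendored"}]}],
  "dependencies": [
    {"ref": "app", "dependsOn": ["lib-a", "lib-missing"]},
    {"ref": "lib-a", "dependsOn": ["vendored"]}]
}""")

def bom_refs(doc):
    """Collect every bom-ref: the root component, components, nested sub-components."""
    stack = list(doc.get("components", []))
    root = doc.get("metadata", {}).get("component")
    if root:
        stack.append(root)
    refs = set()
    while stack:
        comp = stack.pop()
        if "bom-ref" in comp:
            refs.add(comp["bom-ref"])
        stack.extend(comp.get("components", []))
    return refs

def dangling_dependency_refs(doc):
    """Refs used in the dependency graph that match no component in the document."""
    used = set()
    for dep in doc.get("dependencies", []):
        used.add(dep["ref"])
        used.update(dep.get("dependsOn", []))
    return used - bom_refs(doc)

def external_profile_violations(doc):
    """Findings that block release; only the rule named on this page is checked."""
    return ["'dependencies' is prohibited"] if "dependencies" in doc else []

def to_external(doc):
    """Copy of the document with the dependency graph removed; the input is untouched."""
    out = copy.deepcopy(doc)
    out.pop("dependencies", None)
    return out
```

Run `dangling_dependency_refs` on the internal document first: once the graph is stripped for external release, an incomplete graph can no longer be detected from the published file.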
## Create a Standard BOM document programmatically
The `StandardBom` class is a subclass of the `cyclonedx.bom.Bom` class from the upstream library
[cyclonedx-python-lib](https://github.com/CycloneDX/cyclonedx-python-lib) since this library is a wrapper of the
model objects from the upstream library.
```python
from siemens_standard_bom.model import StandardBom, Component, ComponentType
from cyclonedx.model.contact import OrganizationalContact
bom = StandardBom()
bom.add_author(OrganizationalContact(name='John Doe'))
bom.add_tool(Component(name='Sample Tool', version='1.0.0', type=ComponentType.APPLICATION))
bom.add_component(Component(name='Sample Component', version='1.2.3', type=ComponentType.LIBRARY))
```
You can also use the Standard BOM wrapper classes to create and edit the Standard BOM document.
For example, you can do the following, similar to the example above:
```python
from siemens_standard_bom.model import StandardBom, Component, ComponentType, SbomComponent
from cyclonedx.model.contact import OrganizationalContact
bom = StandardBom()
bom.add_author(OrganizationalContact(name='John Doe'))
bom.add_tool(SbomComponent(Component(name='Sample Tool', version='1.0.0', type=ComponentType.APPLICATION)))
bom.add_component(SbomComponent(Component(name='Sample Component', version='1.2.3', type=ComponentType.LIBRARY)))
```
## Retrieve fields from the Standard BOM object
When you retrieve fields from the `StandardBom` object, you get the wrapped Standard BOM types for these
fields. For example, the `tools` and `components` getters return a list of `SbomComponent` objects:
```python
from typing import Iterable
from siemens_standard_bom.model import SbomComponent
bom = ...  # a StandardBom instance
components: Iterable[SbomComponent] = bom.components
tools: Iterable[SbomComponent] = bom.tools
```
## Setting licenses to a component
You can set the licenses of a component by using the `licenses` setter of the `SbomComponent`
class. The `SbomComponent.licenses` setter accepts an iterable of type `License`, which can be a `LicenseExpression` or
a `DisjunctiveLicense`:
```python
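from cyclonedx.model.license import LicenseExpression
from siemens_standard_bom.model import Component, ComponentType, SbomComponent
# Wrap a component as in the examples above, then assign its licenses
component = SbomComponent(Component(name='Sample Component', version='1.2.3', type=ComponentType.LIBRARY))
licenses = [LicenseExpression(value="MIT")]
component.licenses = licenses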
```
## Development
In order to build this library on your local PC, and/or contribute to this library, mind the following prerequisites:
- [Python](https://www.python.org/doc/versions/) >=3.10, <4.0
- [Poetry](https://python-poetry.org/) >= v2.0
---
Once you have those prerequisites, you can perform the following development tasks locally:
- Run the build by executing

  ```bash
  poetry install
  ```

  then

  ```bash
  poetry build
  ```

  This will generate the build artifacts under the `dist/` folder.

- Run all unit tests with all test cases and static code analysis

  ```bash
  poetry run tox run
  ```

  This will run all the tests for all supported Python versions as well as static linting and type checking.
## License
This project is Inner Source under the [MIT license](LICENSE) (SPDX-License-Identifier: MIT).
Copyright (c) Siemens AG 2019-2025 ALL RIGHTS RESERVED
Raw data
{
"_id": null,
"home_page": null,
"name": "siemens-standard-bom",
"maintainer": null,
"docs_url": null,
"requires_python": "<4.0,>=3.10",
"maintainer_email": null,
"keywords": "sbom, software-bill-of-materials, cyclonedx, cdx",
"author": "Hakan Dilek",
"author_email": "hakan.dilek@siemens.com",
"download_url": "https://files.pythonhosted.org/packages/67/60/16cb18bf4dc3501914e534167402b9447ec3659577c63672e67f7089a898/siemens_standard_bom-4.1.0.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "MIT",
"summary": "Standard BOM Format Library",
"version": "4.1.0",
"project_urls": {
"Bug Tracker": "https://github.com/siemens/standard-bom-python/issues",
"Documentation": "https://github.com/siemens/standard-bom-python/blob/main/README.md",
"Homepage": "https://sbom.siemens.io/",
"Repository": "https://github.com/siemens/standard-bom-python"
},
"split_keywords": [
"sbom",
" software-bill-of-materials",
" cyclonedx",
" cdx"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "6ccdb434fa8ccad849026db6eee008497ad516da80e19867e512c6a656d07c97",
"md5": "d2e3d2138d00bfdece605586c775e3c1",
"sha256": "4d8233128f0dcf9a8ef90c0cb218226e052c997aa2f0c34038a9eb3a7009f1d2"
},
"downloads": -1,
"filename": "siemens_standard_bom-4.1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "d2e3d2138d00bfdece605586c775e3c1",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0,>=3.10",
"size": 11048,
"upload_time": "2025-07-18T14:31:50",
"upload_time_iso_8601": "2025-07-18T14:31:50.466183Z",
"url": "https://files.pythonhosted.org/packages/6c/cd/b434fa8ccad849026db6eee008497ad516da80e19867e512c6a656d07c97/siemens_standard_bom-4.1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "676016cb18bf4dc3501914e534167402b9447ec3659577c63672e67f7089a898",
"md5": "d899da710907385122ee203bbf1a5c2f",
"sha256": "044cfe046b06443c58532d272408c905b21953cf3d622ba945e0791778629540"
},
"downloads": -1,
"filename": "siemens_standard_bom-4.1.0.tar.gz",
"has_sig": false,
"md5_digest": "d899da710907385122ee203bbf1a5c2f",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4.0,>=3.10",
"size": 11133,
"upload_time": "2025-07-18T14:31:51",
"upload_time_iso_8601": "2025-07-18T14:31:51.522961Z",
"url": "https://files.pythonhosted.org/packages/67/60/16cb18bf4dc3501914e534167402b9447ec3659577c63672e67f7089a898/siemens_standard_bom-4.1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-07-18 14:31:51",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "siemens",
"github_project": "standard-bom-python",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "siemens-standard-bom"
}