NAME

SBOM::CycloneDX::Component::Pedigree - Component Pedigree

SYNOPSIS

SBOM::CycloneDX::Component::Pedigree->new();

DESCRIPTION

Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.

METHODS

SBOM::CycloneDX::Component::Pedigree inherits all methods from SBOM::CycloneDX::Base and implements the following new ones.

SBOM::CycloneDX::Component::Pedigree->new( %PARAMS )

Properties:

ancestors, Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.
commits, A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.
descendants, Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.
notes, Notes, observations, and other non-structured commentary describing the components pedigree.
patches, >A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complementary to commits or may be used in place of commits.
variants, Variants describe relations where the relationship between the components is not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.

$pedigree->ancestors

$pedigree->commits

$pedigree->descendants

$pedigree->notes

$pedigree->patches

$pedigree->variants

SUPPORT

Bugs / Feature Requests

Please report any bugs or feature requests through the issue tracker at https://github.com/giterlizzi/perl-SBOM-CycloneDX/issues. You will be notified automatically of any progress on your issue.

Source Code

This is open source software. The code repository is available for public review and contribution under the terms of the license.

https://github.com/giterlizzi/perl-SBOM-CycloneDX

git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git

AUTHOR

Giuseppe Di Terlizzi <gdt@cpan.org>

LICENSE AND COPYRIGHT

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

To install SBOM::CycloneDX, copy and paste the appropriate command in to your terminal.

cpanm

cpanm SBOM::CycloneDX

CPAN shell

perl -MCPAN -e shell
install SBOM::CycloneDX

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)