File Coverage

blib/lib/SBOM/CycloneDX/Component/Pedigree.pm

Criterion	Covered	Total	%
statement	26	40	65.0
branch	0	12	0.0
condition			n/a
subroutine	9	10	90.0
pod	1	1	100.0
total	36	63	57.1

line	stmt	bran	sub	pod	time	code
1						package SBOM::CycloneDX::Component::Pedigree;
2
3	1		1		1759	use 5.010001;
	1				5
4	1		1		7	use strict;
	1				2
	1				25
5	1		1		5	use warnings;
	1				2
	1				56
6	1		1		6	use utf8;
	1				3
	1				8
7
8	1		1		48	use SBOM::CycloneDX::List;
	1				3
	1				53
9
10	1		1		7	use Types::Standard qw(InstanceOf Str);
	1				2
	1				11
11	1		1		3679	use Types::TypeTiny qw(ArrayLike);
	1				3
	1				8
12
13	1		1		614	use Moo;
	1				3
	1				9
14	1		1		512	use namespace::autoclean;
	1				3
	1				12
15
16						extends 'SBOM::CycloneDX::Base';
17
18						has ancestors => (
19						is => 'rw',
20						isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Component']],
21						default => sub { SBOM::CycloneDX::List->new }
22						);
23
24						has descendants => (
25						is => 'rw',
26						isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Component']],
27						default => sub { SBOM::CycloneDX::List->new }
28						);
29
30						has variants => (
31						is => 'rw',
32						isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Component']],
33						default => sub { SBOM::CycloneDX::List->new }
34						);
35
36						has commits => (
37						is => 'rw',
38						isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Component::Commit']],
39						default => sub { SBOM::CycloneDX::List->new }
40						);
41
42						has patches => (
43						is => 'rw',
44						isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Component::Patch']],
45						default => sub { SBOM::CycloneDX::List->new }
46						);
47
48						has notes => (is => 'rw', isa => Str);
49
50						sub TO_JSON {
51
52	0		0	1		my $self = shift;
53
54	0					my $json = {};
55
56	0	0				$json->{ancestors} = $self->ancestors if @{$self->ancestors};
	0
57	0	0				$json->{descendants} = $self->descendants if @{$self->descendants};
	0
58	0	0				$json->{variants} = $self->variants if @{$self->variants};
	0
59	0	0				$json->{commits} = $self->commits if @{$self->commits};
	0
60	0	0				$json->{patches} = $self->patches if @{$self->patches};
	0
61	0	0				$json->{notes} = $self->notes if $self->notes;
62
63	0					return $json;
64
65						}
66
67						1;
68
69						=encoding utf-8
70
71						=head1 NAME
72
73						SBOM::CycloneDX::Component::Pedigree - Component Pedigree
74
75						=head1 SYNOPSIS
76
77						SBOM::CycloneDX::Component::Pedigree->new();
78
79
80						=head1 DESCRIPTION
81
82						Component pedigree is a way to document complex supply chain scenarios where
83						components are created, distributed, modified, redistributed, combined with
84						other components, etc.
85						Pedigree supports viewing this complex chain from the beginning, the end,
86						or anywhere in the middle. It also provides a way to document variants
87						where the exact relation may not be known.
88
89						=head2 METHODS
90
91						L inherits all methods from L
92						and implements the following new ones.
93
94						=over
95
96						=item SBOM::CycloneDX::Component::Pedigree->new( %PARAMS )
97
98						Properties:
99
100						=over
101
102						=item * C, Describes zero or more components in which a component
103						is derived from. This is commonly used to describe forks from existing
104						projects where the forked version contains a ancestor node containing the
105						original component it was forked from. For example, Component A is the
106						original component. Component B is the component being used and documented
107						in the BOM. However, Component B contains a pedigree node with a single
108						ancestor documenting Component A - the original component from which
109						Component B is derived from.
110
111						=item * C, A list of zero or more commits which provide a trail
112						describing how the component deviates from an ancestor, descendant, or
113						variant.
114
115						=item * C, Descendants are the exact opposite of ancestors. This
116						provides a way to document all forks (and their forks) of an original or
117						root component.
118
119						=item * C, Notes, observations, and other non-structured commentary
120						describing the components pedigree.
121
122						=item * C, A list of zero or more patches describing how the
123						component deviates from an ancestor, descendant, or variant. Patches may be
124						complementary to commits or may be used in place of commits.
125
126						=item * C, Variants describe relations where the relationship
127						between the components is not known. For example, if Component A contains
128						nearly identical code to Component B. They are both related, but it is
129						unclear if one is derived from the other, or if they share a common
130						ancestor.
131
132						=back
133
134						=item $pedigree->ancestors
135
136						=item $pedigree->commits
137
138						=item $pedigree->descendants
139
140						=item $pedigree->notes
141
142						=item $pedigree->patches
143
144						=item $pedigree->variants
145
146						=back
147
148
149						=head1 SUPPORT
150
151						=head2 Bugs / Feature Requests
152
153						Please report any bugs or feature requests through the issue tracker
154						at L.
155						You will be notified automatically of any progress on your issue.
156
157						=head2 Source Code
158
159						This is open source software. The code repository is available for
160						public review and contribution under the terms of the license.
161
162						L
163
164						git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
165
166
167						=head1 AUTHOR
168
169						=over 4
170
171						=item * Giuseppe Di Terlizzi
172
173						=back
174
175
176						=head1 LICENSE AND COPYRIGHT
177
178						This software is copyright (c) 2025-2026 by Giuseppe Di Terlizzi.
179
180						This is free software; you can redistribute it and/or modify it under
181						the same terms as the Perl 5 programming language system itself.
182
183						=cut