File Coverage

blib/lib/SBOM/CycloneDX/Metadata.pm

Criterion	Covered	Total	%
statement	51	52	98.0
branch	13	20	65.0
condition	2	6	33.3
subroutine	13	13	100.0
pod	2	2	100.0
total	81	93	87.1

line	stmt	bran	cond	sub	pod	time	code
1							package SBOM::CycloneDX::Metadata;
2
3	16			16		448	use 5.010001;
	16					73
4	16			16		98	use strict;
	16					35
	16					511
5	16			16		81	use warnings;
	16					94
	16					1038
6	16			16		122	use utf8;
	16					77
	16					134
7
8	16			16		823	use Carp;
	16					70
	16					1762
9
10	16			16		9483	use SBOM::CycloneDX::Timestamp;
	16					56
	16					767
11	16			16		123	use SBOM::CycloneDX::List;
	16					32
	16					567
12
13	16			16		86	use Types::Standard qw(Str InstanceOf);
	16					34
	16					180
14	16			16		55699	use Types::TypeTiny qw(ArrayLike);
	16					40
	16					129
15
16	16			16		10421	use Moo;
	16					69
	16					99
17	16			16		7190	use namespace::autoclean;
	16					37
	16					186
18
19							extends 'SBOM::CycloneDX::Base';
20
21							sub BUILD {
22	63			63	1	1048	my ($self, $args) = @_;
23							Carp::carp '"manufacture" is deprecated from CycloneDX v1.6. '
24							. 'Use the SBOM::CycloneDX::Component->manufacturer instead'
25	63	50				1601	if exists $args->{manufacture};
26							}
27
28
29							has timestamp => (
30							is => 'rw',
31							isa => InstanceOf ['SBOM::CycloneDX::Timestamp'],
32							coerce => sub { ref($_[0]) ? $_[0] : SBOM::CycloneDX::Timestamp->new($_[0]) }
33							);
34
35							has lifecycles => (
36							is => 'rw',
37							isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Metadata::Lifecyle']],
38							default => sub { SBOM::CycloneDX::List->new }
39							);
40
41							# TODO: metadata.tools[] array is DEPRECATED
42
43							has tools => (
44							is => 'rw',
45							isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Tool']] \| InstanceOf ['SBOM::CycloneDX::Tools'],
46							default => sub { SBOM::CycloneDX::List->new }
47							);
48
49							has manufacturer => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::OrganizationalEntity']);
50
51							has authors => (
52							is => 'rw',
53							isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::OrganizationalContact']],
54							default => sub { SBOM::CycloneDX::List->new }
55							);
56
57							has component => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::Component']);
58							has manufacture => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::OrganizationalEntity']);
59							has supplier => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::OrganizationalEntity']);
60
61							has licenses => (
62							is => 'rw',
63							isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::License']],
64							default => sub { SBOM::CycloneDX::List->new }
65							);
66
67							has properties => (
68							is => 'rw',
69							isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Property']],
70							default => sub { SBOM::CycloneDX::List->new }
71							);
72
73							has distribution_constraints => (
74							is => 'rw',
75							isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Metadata::DistributionConstraint']],
76							default => sub { SBOM::CycloneDX::List->new }
77							);
78
79							sub TO_JSON {
80
81	541			541	1	4433	my $self = shift;
82
83	541					1142	my $json = {};
84
85	541	50	33			12399	if (ref($self->tools) =~ /List/ && @{$self->tools} \|\| ref($self->tools) =~ /Tools/) {
	541		33			14747
86	0					0	$json->{tools} = $self->tools;
87							}
88
89	541	50				14989	$json->{timestamp} = $self->timestamp if $self->timestamp;
90	541	100				3872	$json->{lifecycles} = $self->lifecycles if @{$self->lifecycles};
	541					10378
91	541	100				1315	$json->{authors} = $self->authors if @{$self->authors};
	541					10908
92	541	50				11168	$json->{component} = $self->component if $self->component;
93	541	50				13748	$json->{manufacture} = $self->manufacture if $self->manufacture;
94	541	50				13519	$json->{supplier} = $self->supplier if $self->supplier;
95	541	100				3822	$json->{licenses} = $self->licenses if @{$self->licenses};
	541					10449
96	541	50				1794	$json->{properties} = $self->properties if @{$self->properties};
	541					10758
97
98	541					5240	return $json;
99
100							}
101
102							1;
103
104							=encoding utf-8
105
106							=head1 NAME
107
108							SBOM::CycloneDX::Metadata - BOM Metadata
109
110							=head1 SYNOPSIS
111
112							SBOM::CycloneDX::Metadata->new();
113
114
115							=head1 DESCRIPTION
116
117							L provides additional information about a BOM.
118
119							=head2 METHODS
120
121							L inherits all methods from L
122							and implements the following new ones.
123
124							=over
125
126							=item SBOM::CycloneDX::Metadata->new( %PARAMS )
127
128							Properties:
129
130							=over
131
132							=item * C,
133
134							=item * C, The person(s) who created the BOM.
135							Authors are common in BOMs created through manual processes. BOMs created
136							through automated means may have "manufacturer" instead.
137
138							=item * C, The component that the BOM describes.
139
140							=item * C, The license information for the BOM document.
141							This may be different from the license(s) of the component(s) that the BOM
142							describes.
143
144							=item * C, Lifecycles communicate the stage(s) in which data in
145							the BOM was captured. Different types of data may be available at various
146							phases of a lifecycle, such as the Software Development Lifecycle (SDLC),
147							IT Asset Management (ITAM), and Software Asset Management (SAM). Thus, a
148							BOM may include data specific to or only obtainable in a given lifecycle.
149
150							=item * C, [Deprecated in 1.6] This will be removed in a future
151							version. Use the "manufacturer" method in L instead.
152							The organization that manufactured the component that the BOM describes.
153
154							=item * C, The organization that created the BOM.
155							Manufacturer is common in BOMs created through automated processes. BOMs
156							created through manual means may have `@.authors` instead.
157
158							=item * C, Provides the ability to document properties in a
159							name-value store. This provides flexibility to include data not officially
160							supported in the standard without having to use additional namespaces or
161							create extensions. Unlike key-value stores, properties support duplicate
162							names, each potentially having different values. Property names of interest
163							to the general public are encouraged to be registered in the CycloneDX
164							Property Taxonomy (L).
165							Formal registration is optional.
166
167							=item * C, The organization that supplied the component that the
168							BOM describes. The supplier may often be the manufacturer, but may also be
169							a distributor or repackager.
170
171							=item * C, The date and time (timestamp) when the BOM was created.
172
173							=item * C, The tool(s) used in the creation, enrichment, and
174							validation of the BOM.
175
176							=back
177
178							=item $metadata->BUILD
179
180							=item $metadata->authors
181
182							=item $metadata->component
183
184							=item $metadata->licenses
185
186							=item $metadata->lifecycles
187
188							=item $metadata->manufacture
189
190							=item $metadata->manufacturer
191
192							=item $metadata->properties
193
194							=item $metadata->supplier
195
196							=item $metadata->timestamp
197
198							=item $metadata->tools
199
200							=back
201
202
203							=head1 SUPPORT
204
205							=head2 Bugs / Feature Requests
206
207							Please report any bugs or feature requests through the issue tracker
208							at L.
209							You will be notified automatically of any progress on your issue.
210
211							=head2 Source Code
212
213							This is open source software. The code repository is available for
214							public review and contribution under the terms of the license.
215
216							L
217
218							git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
219
220
221							=head1 AUTHOR
222
223							=over 4
224
225							=item * Giuseppe Di Terlizzi
226
227							=back
228
229
230							=head1 LICENSE AND COPYRIGHT
231
232							This software is copyright (c) 2025-2026 by Giuseppe Di Terlizzi.
233
234							This is free software; you can redistribute it and/or modify it under
235							the same terms as the Perl 5 programming language system itself.
236
237							=cut