File Coverage

blib/lib/SBOM/CycloneDX/Metadata.pm

Criterion	Covered	Total	%
statement	52	53	98.1
branch	14	22	63.6
condition	2	6	33.3
subroutine	13	13	100.0
pod	1	2	50.0
total	82	96	85.4

line	stmt	bran	cond	sub	pod	time	code
1							package SBOM::CycloneDX::Metadata;
2
3	16			16		333	use 5.010001;
	16					59
4	16			16		85	use strict;
	16					30
	16					444
5	16			16		88	use warnings;
	16					29
	16					793
6	16			16		98	use utf8;
	16					51
	16					163
7
8	16			16		614	use Carp;
	16					27
	16					1316
9
10	16			16		7872	use SBOM::CycloneDX::Timestamp;
	16					51
	16					645
11	16			16		111	use SBOM::CycloneDX::List;
	16					32
	16					479
12
13	16			16		77	use Types::Standard qw(Str InstanceOf);
	16					57
	16					149
14	16			16		48394	use Types::TypeTiny qw(ArrayLike);
	16					57
	16					110
15
16	16			16		8468	use Moo;
	16					35
	16					87
17	16			16		6004	use namespace::autoclean;
	16					59
	16					153
18
19							extends 'SBOM::CycloneDX::Base';
20
21							sub BUILD {
22	63			63	0	952	my ($self, $args) = @_;
23							Carp::carp '"manufacture" is deprecated from CycloneDX v1.6. '
24							. 'Use the SBOM::CycloneDX::Component->manufacturer instead'
25	63	50				1568	if exists $args->{manufacture};
26							}
27
28
29							has timestamp => (
30							is => 'rw',
31							isa => InstanceOf ['SBOM::CycloneDX::Timestamp'],
32							coerce => sub { ref($_[0]) ? $_[0] : SBOM::CycloneDX::Timestamp->new($_[0]) }
33							);
34
35							has lifecycles => (
36							is => 'rw',
37							isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Metadata::LifeCycle']],
38							default => sub { SBOM::CycloneDX::List->new }
39							);
40
41							# TODO: metadata.tools[] array is DEPRECATED
42
43							has tools => (
44							is => 'rw',
45							isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Tool']] \| InstanceOf ['SBOM::CycloneDX::Tools'],
46							default => sub { SBOM::CycloneDX::List->new }
47							);
48
49							has manufacturer => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::OrganizationalEntity']);
50
51							has authors => (
52							is => 'rw',
53							isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::OrganizationalContact']],
54							default => sub { SBOM::CycloneDX::List->new }
55							);
56
57							has component => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::Component']);
58							has manufacture => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::OrganizationalEntity']);
59							has supplier => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::OrganizationalEntity']);
60
61							has licenses => (
62							is => 'rw',
63							isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::License']],
64							default => sub { SBOM::CycloneDX::List->new }
65							);
66
67							has properties => (
68							is => 'rw',
69							isa => ArrayLike [InstanceOf ['SBOM::CycloneDX::Property']],
70							default => sub { SBOM::CycloneDX::List->new }
71							);
72
73							has distribution_constraints => (is => 'rw', isa => InstanceOf ['SBOM::CycloneDX::Metadata::DistributionConstraint']);
74
75							sub TO_JSON {
76
77	541			541	1	4065	my $self = shift;
78
79	541					1062	my $json = {};
80
81	541	50	33			14466	if (ref($self->tools) =~ /List/ && @{$self->tools} \|\| ref($self->tools) =~ /Tools/) {
	541		33			14923
82	0					0	$json->{tools} = $self->tools;
83							}
84
85	541	50				13849	$json->{timestamp} = $self->timestamp if $self->timestamp;
86	541	100				3614	$json->{lifecycles} = $self->lifecycles if @{$self->lifecycles};
	541					9917
87	541	100				1175	$json->{authors} = $self->authors if @{$self->authors};
	541					10493
88	541	50				10799	$json->{component} = $self->component if $self->component;
89	541	50				12430	$json->{manufacture} = $self->manufacture if $self->manufacture;
90	541	50				12464	$json->{supplier} = $self->supplier if $self->supplier;
91	541	100				3496	$json->{licenses} = $self->licenses if @{$self->licenses};
	541					10822
92	541	50				1784	$json->{properties} = $self->properties if @{$self->properties};
	541					10465
93	541	50				10244	$json->{distributionConstraints} = $self->distribution_constraints if $self->distribution_constraints;
94
95	541					7722	return $json;
96
97							}
98
99							1;
100
101							=encoding utf-8
102
103							=head1 NAME
104
105							SBOM::CycloneDX::Metadata - BOM Metadata
106
107							=head1 SYNOPSIS
108
109							SBOM::CycloneDX::Metadata->new();
110
111
112							=head1 DESCRIPTION
113
114							L provides additional information about a BOM.
115
116							=head2 METHODS
117
118							L inherits all methods from L
119							and implements the following new ones.
120
121							=over
122
123							=item SBOM::CycloneDX::Metadata->new( %PARAMS )
124
125							Properties:
126
127							=over
128
129							=item * C, The person(s) who created the BOM.
130							Authors are common in BOMs created through manual processes. BOMs created
131							through automated means may have "manufacturer" instead.
132
133							=item * C, The component that the BOM describes.
134
135							=item * C, The license information for the BOM document.
136							This may be different from the license(s) of the component(s) that the BOM
137							describes.
138
139							=item * C, Lifecycles communicate the stage(s) in which data in
140							the BOM was captured. Different types of data may be available at various
141							phases of a lifecycle, such as the Software Development Lifecycle (SDLC),
142							IT Asset Management (ITAM), and Software Asset Management (SAM). Thus, a
143							BOM may include data specific to or only obtainable in a given lifecycle.
144
145							=item * C, [Deprecated in 1.6] This will be removed in a future
146							version. Use the "manufacturer" method in L instead.
147							The organization that manufactured the component that the BOM describes.
148
149							=item * C, The organization that created the BOM.
150							Manufacturer is common in BOMs created through automated processes. BOMs
151							created through manual means may have `@.authors` instead.
152
153							=item * C, Provides the ability to document properties in a
154							name-value store. This provides flexibility to include data not officially
155							supported in the standard without having to use additional namespaces or
156							create extensions. Unlike key-value stores, properties support duplicate
157							names, each potentially having different values. Property names of interest
158							to the general public are encouraged to be registered in the CycloneDX
159							Property Taxonomy (L).
160							Formal registration is optional.
161
162							=item * C, The organization that supplied the component that the
163							BOM describes. The supplier may often be the manufacturer, but may also be
164							a distributor or repackager.
165
166							=item * C, The date and time (timestamp) when the BOM was created.
167
168							=item * C, The tool(s) used in the creation, enrichment, and
169							validation of the BOM.
170
171							=back
172
173							=item $metadata->authors
174
175							=item $metadata->component
176
177							=item $metadata->licenses
178
179							=item $metadata->lifecycles
180
181							=item $metadata->manufacture
182
183							=item $metadata->manufacturer
184
185							=item $metadata->properties
186
187							=item $metadata->supplier
188
189							=item $metadata->timestamp
190
191							=item $metadata->tools
192
193							=back
194
195
196							=head1 SUPPORT
197
198							=head2 Bugs / Feature Requests
199
200							Please report any bugs or feature requests through the issue tracker
201							at L.
202							You will be notified automatically of any progress on your issue.
203
204							=head2 Source Code
205
206							This is open source software. The code repository is available for
207							public review and contribution under the terms of the license.
208
209							L
210
211							git clone https://github.com/giterlizzi/perl-SBOM-CycloneDX.git
212
213
214							=head1 AUTHOR
215
216							=over 4
217
218							=item * Giuseppe Di Terlizzi
219
220							=back
221
222
223							=head1 LICENSE AND COPYRIGHT
224
225							This software is copyright (c) 2025-2026 by Giuseppe Di Terlizzi.
226
227							This is free software; you can redistribute it and/or modify it under
228							the same terms as the Perl 5 programming language system itself.
229
230							=cut