#cyclone-dx #serde #sbom #serialization

serde-cyclonedx

Serde serialization for CycloneDx files

15 releases (8 breaking)

new 0.9.1 Jul 9, 2024
0.8.4 Jul 13, 2023
0.7.2 Jul 10, 2023

#882 in Encoding

Download history 423/week @ 2024-03-13 285/week @ 2024-03-20 280/week @ 2024-03-27 322/week @ 2024-04-03 425/week @ 2024-04-10 298/week @ 2024-04-17 292/week @ 2024-04-24 301/week @ 2024-05-01 317/week @ 2024-05-08 262/week @ 2024-05-15 297/week @ 2024-05-22 349/week @ 2024-05-29 405/week @ 2024-06-05 346/week @ 2024-06-12 223/week @ 2024-06-19 382/week @ 2024-06-26

1,446 downloads per month
Used in cargo-sbom

MIT license

88KB
106 lines

Workflow Status

serde-cyclonedx

This crate provides a type safe serde compatible CycloneDx format. It is intended for use in Rust code which may need to read or write CycloneDx files.

The latest documentation can be found here.

serde is a popular serialization framework for Rust. More information can be found on the official repository: https://github.com/serde-rs/serde

CycloneDx is an industry standard format for maintaining a Software Bill of Materials (SBOM). More information can be found on the official website: https://cyclonedx.org/.

Usage

For most cases, simply use the root cyclonedx::v_1_4::CycloneDx struct with [serde] to read and write to and from the struct.

Example

use serde_cyclonedx::cyclonedx::v_1_4::CycloneDx;

let data = fs::read_to_string("sbom.cyclonedx.json");
let cyclonedx: CycloneDx = serde_json::from_str(&data).unwrap();

Because many of the cyclonedx::v_1_4::CycloneDx structures contain a lot of optional fields, it is often convenient to use the builder pattern to contstruct these structs. Each structure has a builder with a default.

Example

use serde_cyclonedx::cyclonedx::v_1_4::CycloneDxBuilder;

let cyclonedx = CycloneDxBuilder::default()
  .bom_format("CycloneDX")
  .spec_version("1.4")
  .version(1)
  .build()
  .unwrap();

Internal Implementation Details

The root struct is automatically generated from the parsed CycloneDX JSON schemas, this is done at build time (via the buildscript).

License: MIT

Dependencies

~1.3–2.2MB
~46K SLoC