Skip to content

feat: add isExternal property to Component for CycloneDX v1.7#959

Open
tonal wants to merge 1 commit into
CycloneDX:mainfrom
tonal:main
Open

feat: add isExternal property to Component for CycloneDX v1.7#959
tonal wants to merge 1 commit into
CycloneDX:mainfrom
tonal:main

Conversation

@tonal

@tonal tonal commented Apr 12, 2026

Copy link
Copy Markdown

Implement the isExternal boolean property on Component as specified in CycloneDX v1.7 schema. An external component is one that is not part of an assembly, but is expected to be provided by the environment.

  • Add is_external property to Component class with XML attribute serialization
  • Create XmlBoolAttribute serialization helper for proper bool handling (JSON: native bool, XML: lowercase string)
  • Add 6 unit tests for is_external (default value, set/get, equality, sorting)
  • Add test fixture and 14 snapshots for JSON/XML output across schema versions
  • Supports v1.7+ schemas only

Description

Adds the isExternal property to Component as defined in the CycloneDX v1.7 XML/JSON schema. This property indicates that a component is external to the organization and expected to be provided by the deployment environment. The implementation includes a custom serialization helper (XmlBoolAttribute) to handle the difference between JSON (native boolean) and XML (lowercase string attribute) serialization requirements.

Resolves or fixes issue: #903

AI Tool Disclosure

  • My contribution does not include any AI-generated content
  • My contribution includes AI-generated content, as disclosed below:
    • AI Tools: Qwen Code (CLI agent)
    • LLMs and versions: Qwen (latest)
    • Prompts: Implement isExternal property for Component per CycloneDX v1.7 spec, including tests and snapshots

Affirmation

@tonal tonal requested a review from a team as a code owner April 12, 2026 08:08
@codacy-production

codacy-production Bot commented Apr 12, 2026
edited
Loading

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 duplication

Metric Results
Duplication 0

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@read-the-docs-community

read-the-docs-community Bot commented Apr 12, 2026
edited
Loading

Copy link
Copy Markdown

Documentation build overview

📚 CycloneDX Python Library | 🛠️ Build #33267006 | 📁 Comparing 6119806 against latest (e537812)

  🔍 Preview build  

12 files changed · + 2 added · ± 10 modified

+ Added

± Modified

@jkowalleck jkowalleck mentioned this pull request Apr 12, 2026
Open
9 tasks
@jkowalleck jkowalleck added the enhancement New feature or request label Apr 12, 2026
@jkowalleck

jkowalleck commented Apr 12, 2026

Copy link
Copy Markdown
Member

Thank you so much for contributing this feature, @tonal.
The implementation looks promising at first glance.
A detailed review and merge will take a bit of time, so stay tuned.

jkowalleck
jkowalleck requested changes Jun 17, 2026
View reviewed changes
Comment thread cyclonedx/model/component.py Outdated
self.supplier, self.author, self.publisher,
self.description,
self.mime_type, self.scope, _ComparableTuple(self.hashes),
self.mime_type, self.scope, self.is_external, _ComparableTuple(self.hashes),

@jkowalleck jkowalleck Jun 17, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please add self.is_external at the bottom, not in the middle

@tonal tonal Jun 23, 2026

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the review, @jkowalleck!

self.is_external is now the last field in __comparable_tuple — moved to the bottom, right after crypto_properties/tags.

I also rebased the branch onto the latest main (11.11.0), so it's a single commit on top of current upstream. All tests pass locally (6981/6981), including the is_external unit tests and the JSON/XML snapshots across schema versions.

@tonal @qwencoder
feat: add isExternal property to Component for CycloneDX v1.7
6119806 
Implement the isExternal boolean property on Component as specified in
CycloneDX v1.7 schema. An external component is one that is not part of
an assembly, but is expected to be provided by the environment.

- Add is_external property to Component class with XML attribute serialization
- Create XmlBoolAttribute serialization helper for proper bool handling
- Add unit tests for is_external (default value, set/get, equality, sorting)
- Add test fixture and snapshots for JSON/XML output
- Supports v1.7+ schemas only

Implements: CycloneDX#903

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Signed-off-by: Alexandr N Zamaraev (aka tonal) <tonal@promsoft.ru>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkowalleck jkowalleck jkowalleck requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

enhancement New feature or request schema 1.7

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tonal @jkowalleck