CycloneDX
diff --git a/‎cyclonedx/output/__init__.py
Lines changed: 5 additions & 47 deletions b/‎cyclonedx/output/__init__.py
Lines changed: 5 additions & 47 deletions
diff --git a/‎tests/_data/models.py
Lines changed: 65 additions & 87 deletions b/‎tests/_data/models.py
Lines changed: 65 additions & 87 deletions
diff --git a/‎tests/_data/snapshots/enum_Encoding-1.5.json.bin
Lines changed: 0 additions & 1 deletion b/‎tests/_data/snapshots/enum_Encoding-1.5.json.bin
Lines changed: 0 additions & 1 deletion
diff --git a/‎tests/_data/snapshots/enum_Encoding-1.5.xml.bin
Lines changed: 1 addition & 1 deletion b/‎tests/_data/snapshots/enum_Encoding-1.5.xml.bin
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/_data/snapshots/enum_Encoding-1.6.json.bin
Lines changed: 0 additions & 1 deletion b/‎tests/_data/snapshots/enum_Encoding-1.6.json.bin
Lines changed: 0 additions & 1 deletion
diff --git a/‎tests/_data/snapshots/enum_Encoding-1.6.xml.bin
Lines changed: 1 addition & 1 deletion b/‎tests/_data/snapshots/enum_Encoding-1.6.xml.bin
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/_data/snapshots/get_bom_just_complete_metadata-1.5.json.bin
Lines changed: 0 additions & 17 deletions b/‎tests/_data/snapshots/get_bom_just_complete_metadata-1.5.json.bin
Lines changed: 0 additions & 17 deletions
diff --git a/‎tests/_data/snapshots/get_bom_just_complete_metadata-1.5.xml.bin
Lines changed: 17 additions & 17 deletions b/‎tests/_data/snapshots/get_bom_just_complete_metadata-1.5.xml.bin
Lines changed: 17 additions & 17 deletions
@@ -33,9 +33,6 @@
 if TYPE_CHECKING:  # pragma: no cover
     from ..model.bom import Bom
     from ..model.bom_ref import BomRef
-    from ..model.contact import OrganizationalContact, OrganizationalEntity, PostalAddress
-    from ..model.definition import Level, Requirement, Standard
-    from ..model.license import License
     from .json import Json as JsonOutputter
     from .xml import Xml as XmlOutputter
 
@@ -173,47 +170,8 @@ def _make_unique(self) -> str:
 
     @classmethod
     def from_bom(cls, bom: 'Bom', prefix: str = 'BomRef') -> 'BomRefDiscriminator':
-        """
-        Create an instance containing EVERY ``bom-ref`` in the bom.
-        """
-
-        components = tuple(bom._get_all_components())
-        services = tuple(bom.services)
-        vulnerabilities = tuple(bom.vulnerabilities)
-        orgs: tuple['OrganizationalEntity', ...] = tuple(filter(lambda o: o is not None, chain(  # type:ignore[arg-type]
-            (bom.metadata.manufacture, bom.metadata.manufacturer, bom.metadata.supplier),
-            chain.from_iterable((c.manufacturer, c.supplier,) for c in components),
-            (s.provider for s in services),
-            chain.from_iterable(v.credits.organizations for v in vulnerabilities if v.credits),
-        )))
-        contacts: Iterable['OrganizationalContact'] = chain(
-            bom.metadata.authors,
-            chain.from_iterable(c.authors for c in components),
-            chain.from_iterable(v.credits.individuals for v in vulnerabilities if v.credits),
-            chain.from_iterable(o.contacts for o in orgs),
-        )
-        addresses: Iterable['PostalAddress'] = (o.address for o in orgs if o.address is not None)
-        licenses: Iterable['License'] = chain(
-            bom.metadata.licenses,
-            chain.from_iterable(c.licenses for c in components),
-            chain.from_iterable(c.evidence.licenses for c in components if c.evidence is not None),
-            chain.from_iterable(s.licenses for s in services),
-        )
-        standards: tuple['Standard', ...] = () \
-            if bom.definitions is None \
-            else tuple(bom.definitions.standards)
-        requirements: Iterable['Requirement'] = chain.from_iterable(s.requirements for s in standards)
-        levels: Iterable['Level'] = chain.from_iterable(s.levels for s in standards)
-        relevant_bom_refs: Iterable['BomRef'] = (i.bom_ref for i in chain(
-            components,
-            services,
-            vulnerabilities,
-            orgs,
-            contacts,
-            addresses,
-            licenses,
-            standards,
-            requirements,
-            levels,
-        ))
-        return cls(relevant_bom_refs, prefix)
+        return cls(chain(
+            map(lambda c: c.bom_ref, bom._get_all_components()),
+            map(lambda s: s.bom_ref, bom.services),
+            map(lambda v: v.bom_ref, bom.vulnerabilities)
+        ), prefix)
@@ -5,7 +5,6 @@
       "licenses": [
         {
           "license": {
-            "bom-ref": "dummy_license",
             "name": "att.encoding: BASE_64",
             "text": {
               "content": "att.encoding: BASE_64",
 
@@ -7,7 +7,7 @@
     <component type="library" bom-ref="dummy">
       <name>dummy</name>
       <licenses>
-        <license bom-ref="dummy_license">
+        <license>
           <name>att.encoding: BASE_64</name>
           <text content-type="text/plain" encoding="base64">att.encoding: BASE_64</text>
         </license>
 
@@ -5,7 +5,6 @@
       "licenses": [
         {
           "license": {
-            "bom-ref": "dummy_license",
             "name": "att.encoding: BASE_64",
             "text": {
               "content": "att.encoding: BASE_64",
 
@@ -7,7 +7,7 @@
     <component type="library" bom-ref="dummy">
       <name>dummy</name>
       <licenses>
-        <license bom-ref="dummy_license">
+        <license>
           <name>att.encoding: BASE_64</name>
           <text content-type="text/plain" encoding="base64">att.encoding: BASE_64</text>
         </license>
 
@@ -7,13 +7,11 @@
   "metadata": {
     "authors": [
       {
-        "bom-ref": "OrganizationalContact_ano_bom_authors",
         "email": "[email protected]",
         "name": "A N Other",
         "phone": "+44 (0)1234 567890"
       },
       {
-        "bom-ref": "OrganizationalContact_ph_bom_authors",
         "email": "[email protected]",
         "name": "Paul Horton"
       }
@@ -28,7 +26,6 @@
           "licenses": [
             {
               "license": {
-                "bom-ref": "pkg:pypi/[email protected]?extension=tar.gz_license",
                 "id": "MIT"
               }
             }
@@ -94,7 +91,6 @@
       "licenses": [
         {
           "license": {
-            "bom-ref": "my-specific-bom-ref-for-dings_license",
             "id": "MIT"
           }
         }
@@ -108,7 +104,6 @@
             "licenses": [
               {
                 "license": {
-                  "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291_license",
                   "id": "MIT"
                 }
               }
@@ -124,7 +119,6 @@
             "licenses": [
               {
                 "license": {
-                  "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a_license",
                   "id": "MIT"
                 }
               }
@@ -147,7 +141,6 @@
             "licenses": [
               {
                 "license": {
-                  "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc_license",
                   "id": "MIT"
                 }
               }
@@ -204,7 +197,6 @@
             "licenses": [
               {
                 "license": {
-                  "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958_license",
                   "id": "MIT"
                 }
               }
@@ -315,16 +307,13 @@
       },
       "scope": "required",
       "supplier": {
-        "bom-ref": "OrganizationalEntity_cdx_my-specific-bom-ref-for-dings",
         "contact": [
           {
-            "bom-ref": "OrganizationalContact_ano_my-specific-bom-ref-for-dings",
             "email": "[email protected]",
             "name": "A N Other",
             "phone": "+44 (0)1234 567890"
           },
           {
-            "bom-ref": "OrganizationalContact_ph_my-specific-bom-ref-for-dings",
             "email": "[email protected]",
             "name": "Paul Horton"
           }
@@ -351,7 +340,6 @@
     "licenses": [
       {
         "license": {
-          "bom-ref": "bom_license",
           "id": "Apache-2.0",
           "text": {
             "content": "VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=",
@@ -368,16 +356,13 @@
       }
     ],
     "manufacture": {
-      "bom-ref": "OrganizationalEntity_cdx_bom_manufacture",
       "contact": [
         {
-          "bom-ref": "OrganizationalContact_ano_bom_manufacture",
           "email": "[email protected]",
           "name": "A N Other",
           "phone": "+44 (0)1234 567890"
         },
         {
-          "bom-ref": "OrganizationalContact_ph_bom_manufacture",
           "email": "[email protected]",
           "name": "Paul Horton"
         }
@@ -399,10 +384,8 @@
       }
     ],
     "supplier": {
-      "bom-ref": "OrganizationalEntity_cd_x_bom_supplier",
       "contact": [
         {
-          "bom-ref": "OrganizationalContact_ano_bom_supplier",
           "email": "[email protected]",
           "name": "A N Other",
           "phone": "+44 (0)1234 567890"
 
@@ -8,27 +8,27 @@
       </lifecycle>
     </lifecycles>
     <authors>
-      <author bom-ref="OrganizationalContact_ano_bom_authors">
+      <author>
         <name>A N Other</name>
         <email>[email protected]</email>
         <phone>+44 (0)1234 567890</phone>
       </author>
-      <author bom-ref="OrganizationalContact_ph_bom_authors">
+      <author>
         <name>Paul Horton</name>
         <email>[email protected]</email>
       </author>
     </authors>
     <component type="library" bom-ref="my-specific-bom-ref-for-dings">
-      <supplier bom-ref="OrganizationalEntity_cdx_my-specific-bom-ref-for-dings">
+      <supplier>
         <name>CycloneDX</name>
         <url>https://cyclonedx.org</url>
         <url>https://cyclonedx.org/docs</url>
-        <contact bom-ref="OrganizationalContact_ano_my-specific-bom-ref-for-dings">
+        <contact>
           <name>A N Other</name>
           <email>[email protected]</email>
           <phone>+44 (0)1234 567890</phone>
         </contact>
-        <contact bom-ref="OrganizationalContact_ph_my-specific-bom-ref-for-dings">
+        <contact>
           <name>Paul Horton</name>
           <email>[email protected]</email>
         </contact>
@@ -40,7 +40,7 @@
       <description>This component is awesome</description>
       <scope>required</scope>
       <licenses>
-        <license bom-ref="my-specific-bom-ref-for-dings_license">
+        <license>
           <id>MIT</id>
         </license>
       </licenses>
@@ -57,7 +57,7 @@
             <name>setuptools</name>
             <version>50.3.2</version>
             <licenses>
-              <license bom-ref="ccc8d7ee-4b9c-4750-aee0-a72585152291_license">
+              <license>
                 <id>MIT</id>
               </license>
             </licenses>
@@ -67,7 +67,7 @@
             <author>Test Author</author>
             <name>setuptools</name>
             <licenses>
-              <license bom-ref="8a3893b3-9923-4adb-a1d3-47456636ba0a_license">
+              <license>
                 <id>MIT</id>
               </license>
             </licenses>
@@ -79,7 +79,7 @@
             <author>Test Author</author>
             <name>setuptools</name>
             <licenses>
-              <license bom-ref="28b2d8ce-def0-446f-a221-58dee0b44acc_license">
+              <license>
                 <id>MIT</id>
               </license>
             </licenses>
@@ -109,7 +109,7 @@
             <name>setuptools</name>
             <version>50.3.2</version>
             <licenses>
-              <license bom-ref="ded1d73e-1fca-4302-b520-f1bc53979958_license">
+              <license>
                 <id>MIT</id>
               </license>
             </licenses>
@@ -168,7 +168,7 @@
           <name>setuptools</name>
           <version>50.3.2</version>
           <licenses>
-            <license bom-ref="pkg:pypi/[email protected]?extension=tar.gz_license">
+            <license>
               <id>MIT</id>
             </license>
           </licenses>
@@ -243,31 +243,31 @@
         </properties>
       </releaseNotes>
     </component>
-    <manufacture bom-ref="OrganizationalEntity_cdx_bom_manufacture">
+    <manufacture>
       <name>CycloneDX</name>
       <url>https://cyclonedx.org</url>
       <url>https://cyclonedx.org/docs</url>
-      <contact bom-ref="OrganizationalContact_ano_bom_manufacture">
+      <contact>
         <name>A N Other</name>
         <email>[email protected]</email>
         <phone>+44 (0)1234 567890</phone>
       </contact>
-      <contact bom-ref="OrganizationalContact_ph_bom_manufacture">
+      <contact>
         <name>Paul Horton</name>
         <email>[email protected]</email>
       </contact>
     </manufacture>
-    <supplier bom-ref="OrganizationalEntity_cd_x_bom_supplier">
+    <supplier>
       <name>Cyclone DX</name>
       <url>https://cyclonedx.org/</url>
-      <contact bom-ref="OrganizationalContact_ano_bom_supplier">
+      <contact>
         <name>A N Other</name>
         <email>[email protected]</email>
         <phone>+44 (0)1234 567890</phone>
       </contact>
     </supplier>
     <licenses>
-      <license bom-ref="bom_license">
+      <license>
         <id>Apache-2.0</id>
         <text content-type="text/plain" encoding="base64">VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=</text>
         <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,6 @@`
`5`	`5`	`"licenses": [`
`6`	`6`	`{`
`7`	`7`	`"license": {`
`8`		`- "bom-ref": "dummy_license",`
`9`	`8`	`"name": "att.encoding: BASE_64",`
`10`	`9`	`"text": {`
`11`	`10`	`"content": "att.encoding: BASE_64",`
Original file line number	Diff line number	Diff line change
`@@ -7,13 +7,11 @@`
`7`	`7`	`"metadata": {`
`8`	`8`	`"authors": [`
`9`	`9`	`{`
`10`		`- "bom-ref": "OrganizationalContact_ano_bom_authors",`
`11`	`10`	`"email": "[email protected]",`
`12`	`11`	`"name": "A N Other",`
`13`	`12`	`"phone": "+44 (0)1234 567890"`
`14`	`13`	`},`
`15`	`14`	`{`
`16`		`- "bom-ref": "OrganizationalContact_ph_bom_authors",`
`17`	`15`	`"email": "[email protected]",`
`18`	`16`	`"name": "Paul Horton"`
`19`	`17`	`}`
`@@ -28,7 +26,6 @@`
`28`	`26`	`"licenses": [`
`29`	`27`	`{`
`30`	`28`	`"license": {`
`31`		`- "bom-ref": "pkg:pypi/[email protected]?extension=tar.gz_license",`
`32`	`29`	`"id": "MIT"`
`33`	`30`	`}`
`34`	`31`	`}`
`@@ -94,7 +91,6 @@`
`94`	`91`	`"licenses": [`
`95`	`92`	`{`
`96`	`93`	`"license": {`
`97`		`- "bom-ref": "my-specific-bom-ref-for-dings_license",`
`98`	`94`	`"id": "MIT"`
`99`	`95`	`}`
`100`	`96`	`}`
`@@ -108,7 +104,6 @@`
`108`	`104`	`"licenses": [`
`109`	`105`	`{`
`110`	`106`	`"license": {`
`111`		`- "bom-ref": "ccc8d7ee-4b9c-4750-aee0-a72585152291_license",`
`112`	`107`	`"id": "MIT"`
`113`	`108`	`}`
`114`	`109`	`}`
`@@ -124,7 +119,6 @@`
`124`	`119`	`"licenses": [`
`125`	`120`	`{`
`126`	`121`	`"license": {`
`127`		`- "bom-ref": "8a3893b3-9923-4adb-a1d3-47456636ba0a_license",`
`128`	`122`	`"id": "MIT"`
`129`	`123`	`}`
`130`	`124`	`}`
`@@ -147,7 +141,6 @@`
`147`	`141`	`"licenses": [`
`148`	`142`	`{`
`149`	`143`	`"license": {`
`150`		`- "bom-ref": "28b2d8ce-def0-446f-a221-58dee0b44acc_license",`
`151`	`144`	`"id": "MIT"`
`152`	`145`	`}`
`153`	`146`	`}`
`@@ -204,7 +197,6 @@`
`204`	`197`	`"licenses": [`
`205`	`198`	`{`
`206`	`199`	`"license": {`
`207`		`- "bom-ref": "ded1d73e-1fca-4302-b520-f1bc53979958_license",`
`208`	`200`	`"id": "MIT"`
`209`	`201`	`}`
`210`	`202`	`}`
`@@ -315,16 +307,13 @@`
`315`	`307`	`},`
`316`	`308`	`"scope": "required",`
`317`	`309`	`"supplier": {`
`318`		`- "bom-ref": "OrganizationalEntity_cdx_my-specific-bom-ref-for-dings",`
`319`	`310`	`"contact": [`
`320`	`311`	`{`
`321`		`- "bom-ref": "OrganizationalContact_ano_my-specific-bom-ref-for-dings",`
`322`	`312`	`"email": "[email protected]",`
`323`	`313`	`"name": "A N Other",`
`324`	`314`	`"phone": "+44 (0)1234 567890"`
`325`	`315`	`},`
`326`	`316`	`{`
`327`		`- "bom-ref": "OrganizationalContact_ph_my-specific-bom-ref-for-dings",`
`328`	`317`	`"email": "[email protected]",`
`329`	`318`	`"name": "Paul Horton"`
`330`	`319`	`}`
`@@ -351,7 +340,6 @@`
`351`	`340`	`"licenses": [`
`352`	`341`	`{`
`353`	`342`	`"license": {`
`354`		`- "bom-ref": "bom_license",`
`355`	`343`	`"id": "Apache-2.0",`
`356`	`344`	`"text": {`
`357`	`345`	`"content": "VGVzdCBjb250ZW50IC0gdGhpcyBpcyBub3QgdGhlIEFwYWNoZSAyLjAgbGljZW5zZSE=",`
`@@ -368,16 +356,13 @@`
`368`	`356`	`}`
`369`	`357`	`],`
`370`	`358`	`"manufacture": {`
`371`		`- "bom-ref": "OrganizationalEntity_cdx_bom_manufacture",`
`372`	`359`	`"contact": [`
`373`	`360`	`{`
`374`		`- "bom-ref": "OrganizationalContact_ano_bom_manufacture",`
`375`	`361`	`"email": "[email protected]",`
`376`	`362`	`"name": "A N Other",`
`377`	`363`	`"phone": "+44 (0)1234 567890"`
`378`	`364`	`},`
`379`	`365`	`{`
`380`		`- "bom-ref": "OrganizationalContact_ph_bom_manufacture",`
`381`	`366`	`"email": "[email protected]",`
`382`	`367`	`"name": "Paul Horton"`
`383`	`368`	`}`
`@@ -399,10 +384,8 @@`
`399`	`384`	`}`
`400`	`385`	`],`
`401`	`386`	`"supplier": {`
`402`		`- "bom-ref": "OrganizationalEntity_cd_x_bom_supplier",`
`403`	`387`	`"contact": [`
`404`	`388`	`{`
`405`		`- "bom-ref": "OrganizationalContact_ano_bom_supplier",`
`406`	`389`	`"email": "[email protected]",`
`407`	`390`	`"name": "A N Other",`
`408`	`391`	`"phone": "+44 (0)1234 567890"`