Lib4sbom

Latest version: v0.8.1

Page 3 of 5

0.5.3

Updates in this release

Fixes
- fix: Incorrect name for CycloneDX checksum algorithm (Fixes 23)
- fix: Linting

0.5.2

Updates in this release

New features
- feat: Add vulnerability parser
- feat: Update examples
- feat: Update licence list to version 3.22

Fixes
- doc: Update add_document example (fixes 21)
- fix: cpe type for operating system (fixes 22)
- fix: Metadata component linking to component (fixes 20)
- fix: Typo in comments attribute
- fix: Update property name
- fix: Vulnerability attributes
- test: Additional example

0.5.1

Updates in this release

Fixes
- fix: Crash while generating SBOM (fixes 19)

0.5.0

Updates in this release

New features

- feat: Introduce XML parsing for CycloneDX (fixes 1)
- feat: Add CycloneDX assembly support (fixes 13)
- feat: Add initial support for SPDX RDF and XML files
- feat: Add vulnerabilities to SBOM
- feat: User defined license handling in SPDX
- feat: Add enhanced metadata attributes
- feat: Add vulnerability object
- feat: Refactor CycloneDX generator
- feat: Allow license text to be specified with license name
- feat: Allow SPDX version to be specified for SPDX documents
- feat: Allow UUID to be user specified
- feat: Reuse metadata from parsed SBOMs
- feat: Update examples

Fixes
- bug: Handle '-' in supplier name (Fixes 14)
- doc: Update README
- fix: Ensure user defined id is valid for SPDX
- fix: Fix metadata tools field of CycloneDX
- fix: Fix organisation typo
- fix: Formatting issues with generated document
- fix: Handle deprecated tools specification in CycloneDX version 1.5
- fix: Handle missing file id
- fix: Id overwritten by name for file object
- fix: License expression handling for CycloneDX
- fix: Linting
- fix: Remove commented code
- fix: Remove debug code
- fix: SPDX handling of user defined component id
- fix: SPDX version field truncated
- fix: Supplier contains digit (fixes 17)
- fix: Tool version metadata handling (CycloneDX)
- fix: Update relationships
- fix: Update test example
- fix: validate supplier type
- Merge pull request 15 from ffontaine/fix-typo
- Merge pull request 18 from ffontaine/fix-tools
- test: Additional CycloneDX example
- test: Add CycloneDX XML test files

0.4.3

Updates in this release

Fixes
- fix: Handle bom-ref as optional parameter (Fixes 11)

0.4.2

Updates in this release

Fixes
- fix: Explicit handling of CycloneDX spec versions (Fixes 10)
- fix: incorrect handling of package type
- fix: Missing ':' in serial number (Fixes 9)
