cdx:python Namespace Taxonomy
October 28, 2025 ยท View on GitHub
This is the namespace for official CycloneDX properties related to the Python general packaging.
The official rules and processes apply - see parent document.
Boolean value are true or false; case sensitive.
| Namespace | Description |
|---|---|
cdx:python:package | Namespace for package specific properties. |
cdx:python:package Namespace Taxonomy
| Property | Description |
|---|---|
cdx:python:package:required-extra | The package's extra that was required. Value MAY be normalized. Non-empty string value. May appear multiple times with different values. |
| Namespace | Description |
|---|---|
cdx:python:package:source | Namespace for package-source specific properties. |
cdx:python:package:source Namespace Taxonomy
In accordance with PEP610
and packaging's direct-url
and packaging's direct-url data structure
.
| Property | Description |
|---|---|
cdx:python:package:source:subdirectory | Directory path, relative to the root of the VCS repository, source archive or local directory, to specify where pyproject.toml or setup.py is located. Non-empty string value. May appear once. |
| Namespace | Description |
|---|---|
cdx:python:package:source:archive | Namespace for package-source archive-specific properties. |
cdx:python:package:source:vcs | Namespace for package-source vcs-specific properties. |
cdx:python:package:source:local | Namespace for package-source local-specific properties. |
cdx:python:package:source:archive Namespace Taxonomy
In accordance with packaging's direct-url data structure for Archive.
| Property | Description |
|---|---|
There are no properties regiestered so far.
The hashes of an archive should be added to the ExternalReference that represents the package source.
cdx:python:package:source:vcs Namespace Taxonomy
In accordance with packaging's direct-url data structure for VCS
| Property | Description |
|---|---|
cdx:python:package:source:vcs:requested_revision | The repository reference of this package, e.g. "master", "1.0.0" or a commit hash for git. Values may be applied to externalReferences of type vcs. Non-empty string value. May appear once. |
cdx:python:package:source:vcs:commit_id | The resolved repository reference of this package, e.g. a commit hash for git. Values may be applied to externalReferences of type vcs. Non-empty string value. May appear once. |
cdx:python:package:source:local Namespace Taxonomy
In accordance with packaging's direct-url data structure for Local
| Property | Description |
|---|---|
cdx:python:package:source:local:editable | Wether this local package was installed in editable/developer mode. Boolean value. If the property is missing, then assume the value to be false. May appear once. |