utils.cpe.get_cpe_identifier

utils.cpe.get_cpe_identifier(version='*')

Generates the CPE 2.3 identifier for the spotforecast2-safe project.

This function constructs a Common Platform Enumeration (CPE) 2.3 formatted string that uniquely identifies the spotforecast2-safe software. CPE identifiers are standardized by NIST and are essential for vulnerability tracking, software inventory management, and compliance documentation (e.g., EU AI Act, SBOM generation).

The returned CPE follows the format

cpe:2.3:part:vendor:product:version:update:edition:language:sw_edition:target_sw:target_hw:other

Parameters

Name Type Description Default
version str The specific version of the software. Use wildcard “” to match all versions, or provide a semantic version string (e.g., ”0.8.0”, ”0.8.0-rc.1”). Defaults to ””. '*'

Returns

Name Type Description
str str The formatted Common Platform Enumeration 2.3 string.

Raises

Name Type Description
TypeError If version is not a string.

Examples

from spotforecast2_safe.utils.cpe import get_cpe_identifier

result = get_cpe_identifier()
print(result)
assert result == "cpe:2.3:a:sequential_parameter_optimization:spotforecast2_safe:*:*:*:*:*:*:*:*"
cpe:2.3:a:sequential_parameter_optimization:spotforecast2_safe:*:*:*:*:*:*:*:*

Generate a CPE identifier for a specific release version:

from spotforecast2_safe.utils.cpe import get_cpe_identifier

result = get_cpe_identifier("0.8.0")
print(result)
assert result == "cpe:2.3:a:sequential_parameter_optimization:spotforecast2_safe:0.8.0:*:*:*:*:*:*:*"
cpe:2.3:a:sequential_parameter_optimization:spotforecast2_safe:0.8.0:*:*:*:*:*:*:*

Generate a CPE identifier for a release candidate version:

from spotforecast2_safe.utils.cpe import get_cpe_identifier

result = get_cpe_identifier("0.8.0-rc.1")
print(result)
assert result == "cpe:2.3:a:sequential_parameter_optimization:spotforecast2_safe:0.8.0-rc.1:*:*:*:*:*:*:*"
cpe:2.3:a:sequential_parameter_optimization:spotforecast2_safe:0.8.0-rc.1:*:*:*:*:*:*:*

Note

This function is used in compliance documentation, SBOM (Software Bill of Materials) generation, and vulnerability tracking. The CPE identifier should be included in release notes and security advisories.

See Also

For more information on CPE 2.3 specification, visit: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-188.pdf