Open
Labels
enhancement (New feature or request)
Description
Is your feature request related to a problem? Please describe.
I want to be able to run

```sh
cyclonedx-py requirements --pyproject pyproject.toml --mc-type library -o bom.json
```

on a project with a dynamic version in its pyproject.toml

```toml
dynamic = ["version"]
```

and have the version be properly stored in the generated BOM.
Describe the solution you'd like
Providing a pyproject.toml with a dynamic version should invoke the build backend to get the version and store it in metadata.component.version.
Unfortunately, I don't think there's a standard way to do this. My possible solutions, both of which I don't like, are:
- Invoke a build and pull the version from its metadata (slow).
- Hardcode solutions for well-known backends (e.g. `hatch` with `hatch-vcs` can run `hatch version`).
Describe alternatives you've considered
I currently run this, using uv and hatch:
```sh
# Store direct dependencies in a requirements.txt.
uv sync --no-default-groups --no-install-project
uv pip freeze > requirements.txt
# Install all dependencies.
uv sync
# Build the BOM.
uv run cyclonedx-py requirements --pyproject pyproject.toml --mc-type library -o bom.json
# Manually store the version.
VERSION=$(uv run hatch version)
< bom.json jq --arg version "$VERSION" '.metadata.component.version = $version' | sponge bom.json
```
Additional context
Contribution
- I am willing to provide an implementation
- I will wait until somebody else implements it
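
An added example, not part of the issue and not cyclonedx-py code: the post-build half of the first option above (pull the version from built metadata), which parses a `METADATA`/`PKG-INFO` document and sets `metadata.component.version` in the BOM, refusing when the project names differ. The function names and the sample inputs are assumptions constructed for illustration.

```python
import json
import os
import re
import tempfile
from email.parser import Parser


def read_core_metadata(metadata_text):
    """Return (name, version) from a wheel METADATA / sdist PKG-INFO document."""
    msg = Parser().parsestr(metadata_text, headersonly=True)
    name, version = msg.get("Name"), msg.get("Version")
    if not name or not version:
        raise ValueError("core metadata lacks Name or Version")
    return name.strip(), version.strip()


def _normalize(name):
    # PEP 503 normalization, so "My_Project" and "my-project" compare equal.
    return re.sub(r"[-_.]+", "-", name).lower()


def set_component_version(bom, name, version):
    """Return a copy of the BOM dict with metadata.component.version set."""
    component = bom.get("metadata", {}).get("component")
    if component is None:
        raise ValueError("BOM has no metadata.component")
    if _normalize(component.get("name", "")) != _normalize(name):
        raise ValueError("metadata describes a different project than the BOM")
    patched = json.loads(json.dumps(bom))  # deep copy, input stays untouched
    patched["metadata"]["component"]["version"] = version
    return patched


def patch_bom_file(bom_path, metadata_text):
    """Rewrite bom_path through a temp file and an atomic rename."""
    name, version = read_core_metadata(metadata_text)
    with open(bom_path, encoding="utf-8") as fh:
        patched = set_component_version(json.load(fh), name, version)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(bom_path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(patched, fh, indent=2)
    os.replace(tmp, bom_path)
    return version


# Constructed sample inputs (not taken from the issue).
SAMPLE_METADATA = "Metadata-Version: 2.1\nName: Example_Project\nVersion: 1.4.2.dev3+g1a2b3c4\n"
SAMPLE_BOM = {"bomFormat": "CycloneDX",
              "metadata": {"component": {"type": "library", "name": "example-project"}}}
```

The name check keeps a version from one project's metadata from being written into another project's BOM when both files sit in a shared build directory.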