CycloneDX
diff --git a/‎cyclonedx/model/component.py
+686-31 b/‎cyclonedx/model/component.py
+686-31
diff --git a/‎tests/_data/models.py
+86 b/‎tests/_data/models.py
+86
diff --git a/‎tests/_data/snapshots/get_bom_with_component_evidence-1.0.xml.bin
+33 b/‎tests/_data/snapshots/get_bom_with_component_evidence-1.0.xml.bin
+33
diff --git a/‎tests/_data/snapshots/get_bom_with_component_evidence-1.1.xml.bin
+135 b/‎tests/_data/snapshots/get_bom_with_component_evidence-1.1.xml.bin
+135
@@ -44,16 +44,23 @@
 from cyclonedx.model.bom import Bom, BomMetaData
 from cyclonedx.model.bom_ref import BomRef
 from cyclonedx.model.component import (
+    AnalysisTechnique,
+    CallStack,
     Commit,
     Component,
     ComponentEvidence,
     ComponentScope,
     ComponentType,
     Diff,
+    Identity,
+    IdentityFieldType,
+    Method,
+    Occurrence,
     OmniborId,
     Patch,
     PatchClassification,
     Pedigree,
+    StackFrame,
     Swhid,
     Swid,
 )
@@ -455,6 +462,10 @@ def get_bom_with_component_setuptools_complete() -> Bom:
     return _make_bom(components=[get_component_setuptools_complete()])
 
 
+def get_bom_with_component_evidence() -> Bom:
+    return _make_bom(components=[get_component_with_evidence()])
+
+
 def get_bom_with_component_setuptools_with_vulnerability() -> Bom:
     bom = _make_bom()
     component = get_component_setuptools_simple()
@@ -737,6 +748,80 @@ def get_component_setuptools_complete(include_pedigree: bool = True) -> Componen
     return component
 
 
+def get_component_with_evidence(include_pedigree: bool = True) -> Component:
+    component = get_component_setuptools_simple(bom_ref='my-specific-bom-ref-for-dings')
+    component.supplier = get_org_entity_1()
+    component.publisher = 'CycloneDX'
+    component.description = 'This component is awesome'
+    component.scope = ComponentScope.REQUIRED
+    component.copyright = 'Apache 2.0 baby!'
+    component.cpe = 'cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*'
+    component.swid = get_swid_1()
+    if include_pedigree:
+        component.pedigree = get_pedigree_1()
+    component.external_references.add(
+        get_external_reference_1()
+    )
+    component.properties = get_properties_1()
+    component.components.update([
+        get_component_setuptools_simple(),
+        get_component_toml_with_hashes_with_references()
+    ])
+    component.evidence = get_component_evidence_basic()
+    component.release_notes = get_release_notes()
+    return component
+
+
+def get_component_evidence_basic() -> ComponentEvidence:
+    """
+    Returns a basic ComponentEvidence object for testing.
+    """
+    return ComponentEvidence(
+        identity=[
+            Identity(
+                field=IdentityFieldType.NAME,
+                confidence=Decimal('0.9'),
+                concluded_value='example-component',
+                methods=[
+                    Method(technique=AnalysisTechnique.SOURCE_CODE_ANALYSIS,
+                           confidence=Decimal('0.8'), value='analysis-tool')
+                ],
+                tools=[
+                    BomRef('ref0'),  # BomRef reference
+                    BomRef('ref1')  # BomRef reference
+                ]
+            )
+        ],
+        occurrences=[
+            Occurrence(
+                location='path/to/file',
+                line=42,
+                offset=16,
+                symbol='exampleSymbol',
+                additional_context='Found in source code',
+                bom_ref='BomRef.2392456298152259.7035102660516194',
+            )
+        ],
+        callstack=CallStack(
+            frames=[
+                StackFrame(
+                    package='example.package',
+                    module='example.module',
+                    function='example_function',
+                    parameters=['param1', 'param2'],
+                    line=10,
+                    column=5,
+                    full_filename='path/to/file',
+                )
+            ]
+        ),
+        licenses=[DisjunctiveLicense(id='MIT')],
+        copyright=[
+            Copyright(text='Commercial'), Copyright(text='Commercial 2')
+        ]
+    )
+
+
 def get_component_setuptools_simple(
     bom_ref: Optional[str] = 'pkg:pypi/[email protected]?extension=tar.gz'
 ) -> Component:
@@ -1485,4 +1570,5 @@ def get_bom_for_issue540_duplicate_components() -> Bom:
     get_bom_with_lifecycles,
     get_bom_with_definitions_standards,
     get_bom_with_definitions_and_detailed_standards,
+    get_bom_with_component_evidence,
 }
@@ -0,0 +1,33 @@
+<?xml version="1.0" ?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.0" version="1">
+  <components>
+    <component type="library">
+      <publisher>CycloneDX</publisher>
+      <name>setuptools</name>
+      <version>50.3.2</version>
+      <description>This component is awesome</description>
+      <scope>required</scope>
+      <copyright>Apache 2.0 baby!</copyright>
+      <cpe>cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*</cpe>
+      <purl>pkg:pypi/[email protected]?extension=tar.gz</purl>
+      <modified>false</modified>
+      <components>
+        <component type="library">
+          <name>setuptools</name>
+          <version>50.3.2</version>
+          <purl>pkg:pypi/[email protected]?extension=tar.gz</purl>
+          <modified>false</modified>
+        </component>
+        <component type="library">
+          <name>toml</name>
+          <version>0.10.2</version>
+          <hashes>
+            <hash alg="SHA-256">806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b</hash>
+          </hashes>
+          <purl>pkg:pypi/[email protected]?extension=tar.gz</purl>
+          <modified>false</modified>
+        </component>
+      </components>
+    </component>
+  </components>
+</bom>
@@ -0,0 +1,135 @@
+<?xml version="1.0" ?>
+<bom xmlns="http://cyclonedx.org/schema/bom/1.1" serialNumber="urn:uuid:1441d33a-e0fc-45b5-af3b-61ee52a88bac" version="1">
+  <components>
+    <component type="library" bom-ref="my-specific-bom-ref-for-dings">
+      <publisher>CycloneDX</publisher>
+      <name>setuptools</name>
+      <version>50.3.2</version>
+      <description>This component is awesome</description>
+      <scope>required</scope>
+      <licenses>
+        <license>
+          <id>MIT</id>
+        </license>
+      </licenses>
+      <copyright>Apache 2.0 baby!</copyright>
+      <cpe>cpe:2.3:a:python:setuptools:50.3.2:*:*:*:*:*:*:*</cpe>
+      <purl>pkg:pypi/[email protected]?extension=tar.gz</purl>
+      <pedigree>
+        <ancestors>
+          <component type="library" bom-ref="ccc8d7ee-4b9c-4750-aee0-a72585152291">
+            <name>setuptools</name>
+            <version>50.3.2</version>
+            <licenses>
+              <license>
+                <id>MIT</id>
+              </license>
+            </licenses>
+            <purl>pkg:pypi/[email protected]?extension=tar.gz</purl>
+          </component>
+          <component type="library" bom-ref="8a3893b3-9923-4adb-a1d3-47456636ba0a">
+            <name>setuptools</name>
+            <version/>
+            <licenses>
+              <license>
+                <id>MIT</id>
+              </license>
+            </licenses>
+            <purl>pkg:pypi/setuptools?extension=tar.gz</purl>
+          </component>
+        </ancestors>
+        <descendants>
+          <component type="library" bom-ref="28b2d8ce-def0-446f-a221-58dee0b44acc">
+            <name>setuptools</name>
+            <version/>
+            <licenses>
+              <license>
+                <id>MIT</id>
+              </license>
+            </licenses>
+            <purl>pkg:pypi/setuptools?extension=tar.gz</purl>
+          </component>
+          <component type="library" bom-ref="555ca729-93c6-48f3-956e-bdaa4a2f0bfa">
+            <name>toml</name>
+            <version>0.10.2</version>
+            <hashes>
+              <hash alg="SHA-256">806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b</hash>
+            </hashes>
+            <purl>pkg:pypi/[email protected]?extension=tar.gz</purl>
+            <externalReferences>
+              <reference type="distribution">
+                <url>https://cyclonedx.org</url>
+                <comment>No comment</comment>
+              </reference>
+            </externalReferences>
+          </component>
+        </descendants>
+        <variants>
+          <component type="library" bom-ref="ded1d73e-1fca-4302-b520-f1bc53979958">
+            <name>setuptools</name>
+            <version>50.3.2</version>
+            <licenses>
+              <license>
+                <id>MIT</id>
+              </license>
+            </licenses>
+            <purl>pkg:pypi/[email protected]?extension=tar.gz</purl>
+          </component>
+          <component type="library" bom-ref="e7abdcca-5ba2-4f29-b2cf-b1e1ef788e66">
+            <name>toml</name>
+            <version>0.10.2</version>
+            <hashes>
+              <hash alg="SHA-256">806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b</hash>
+            </hashes>
+            <purl>pkg:pypi/[email protected]?extension=tar.gz</purl>
+            <externalReferences>
+              <reference type="distribution">
+                <url>https://cyclonedx.org</url>
+                <comment>No comment</comment>
+              </reference>
+            </externalReferences>
+          </component>
+        </variants>
+        <commits>
+          <commit>
+            <uid>a-random-uid</uid>
+            <message>A commit message</message>
+          </commit>
+        </commits>
+        <notes>Some notes here please</notes>
+      </pedigree>
+      <externalReferences>
+        <reference type="distribution">
+          <url>https://cyclonedx.org</url>
+          <comment>No comment</comment>
+        </reference>
+      </externalReferences>
+      <components>
+        <component type="library" bom-ref="pkg:pypi/[email protected]?extension=tar.gz">
+          <name>setuptools</name>
+          <version>50.3.2</version>
+          <licenses>
+            <license>
+              <id>MIT</id>
+            </license>
+          </licenses>
+          <purl>pkg:pypi/[email protected]?extension=tar.gz</purl>
+        </component>
+        <component type="library" bom-ref="pkg:pypi/[email protected]?extension=tar.gz">
+          <name>toml</name>
+          <version>0.10.2</version>
+          <hashes>
+            <hash alg="SHA-256">806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b</hash>
+          </hashes>
+          <purl>pkg:pypi/[email protected]?extension=tar.gz</purl>
+          <externalReferences>
+            <reference type="distribution">
+              <url>https://cyclonedx.org</url>
+              <comment>No comment</comment>
+            </reference>
+          </externalReferences>
+        </component>
+      </components>
+    </component>
+  </components>
+</bom>