diff --git a/cyclonedx_py/_internal/__init__.py b/cyclonedx_py/_internal/__init__.py
index 0fec109a..d718f27b 100644
--- a/cyclonedx_py/_internal/__init__.py
+++ b/cyclonedx_py/_internal/__init__.py
@@ -45,29 +45,39 @@ def __call__(self, **kwargs: Any) -> 'Bom':  # pragma: no cover
         ...
 
 
-class PropertyName(Enum):
+class PropertyValue(Enum):
     # region general
     # see https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx.md
     BooleanTrue = 'true'
     BooleanFalse = 'false'
+    # endregion general
+
 
+class PropertyName(Enum):
+    # region general
+    # see https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx.md
     Reproducible = 'cdx:reproducible'
     # endregion general
 
     # region python
     # see https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/python.md
-    PackageExtra = 'cdx:python:package:required-extra'
-    PackageSourceSubdirectory = 'cdx:python:package:source:subdirectory'
-    PackageSourceVcsRequestedRevision = 'cdx:poetry:package:source:vcs:requested_revision'
-    PackageSourceVcsCommitId = 'cdx:poetry:package:source:vcs:commit_id'
-    PackageSourceLocalEditable = 'cdx:python:package:source:local:editable'
+    PythonPackageExtra = 'cdx:python:package:required-extra'
+    PythonPackageSourceSubdirectory = 'cdx:python:package:source:subdirectory'
+    PythonPackageSourceVcsRequestedRevision = 'cdx:python:package:source:vcs:requested_revision'
+    PythonPackageSourceVcsCommitId = 'cdx:python:package:source:vcs:commit_id'
+    PythonPackageSourceLocalEditable = 'cdx:python:package:source:local:editable'
     # endregion python
 
     # region poetry
     # see https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/poetry.md
     PoetryGroup = 'cdx:poetry:group'
-    PoetryPackageSourceReference = 'cdx:poetry:source:package:reference'
+    # region poetry-deprecated
+    # the following property names are deprecated
+    PoetryPackageSourceReference_misspelled = 'cdx:poetry:source:package:reference'
     PoetryPackageSourceResolvedReference = 'cdx:poetry:package:source:resolved_reference'
+    PoetryPackageSourceVcsRequestedRevision = 'cdx:poetry:package:source:vcs:requested_revision'
+    PoetryPackageSourceVcsCommitId = 'cdx:poetry:package:source:vcs:commit_id'
+    # endregion poetry-deprecated
     # endregion poetry
 
     # region pipenv
diff --git a/cyclonedx_py/_internal/cli.py b/cyclonedx_py/_internal/cli.py
index d8efc472..e3cd2fce 100644
--- a/cyclonedx_py/_internal/cli.py
+++ b/cyclonedx_py/_internal/cli.py
@@ -27,7 +27,7 @@
 from cyclonedx.validation import make_schemabased_validator
 
 from .. import __version__
-from . import PropertyName
+from . import PropertyName, PropertyValue
 from .environment import EnvironmentBB
 from .pipenv import PipenvBB
 from .poetry import PoetryBB
@@ -230,7 +230,7 @@ def _make_output(self, bom: 'Bom') -> str:
 
         if self._output_reproducible:
             bom.metadata.properties.add(Property(name=PropertyName.Reproducible.value,
-                                                 value=PropertyName.BooleanTrue.value))
+                                                 value=PropertyValue.BooleanTrue.value))
             # dirty hacks to remove these mandatory properties
             bom.serial_number = None  # type:ignore[assignment]
             bom.metadata.timestamp = None  # type:ignore[assignment]
diff --git a/cyclonedx_py/_internal/environment.py b/cyclonedx_py/_internal/environment.py
index 5b67ce10..abc13b00 100644
--- a/cyclonedx_py/_internal/environment.py
+++ b/cyclonedx_py/_internal/environment.py
@@ -224,7 +224,7 @@ def __finalize_dependencies(self, bom: 'Bom', all_components: 'T_AllComponents')
                 component_deps.append(req_component)
                 req_component.properties.update(
                     Property(
-                        name=PropertyName.PackageExtra.value,
+                        name=PropertyName.PythonPackageExtra.value,
                         value=normalize_packagename(extra)
                     ) for extra in req.extras
                 )
@@ -236,16 +236,25 @@ def __component_add_extref_and_purl(self, component: 'Component',
         purl_subpath = None
         if packagesource is not None:
             if packagesource.subdirectory:
-                component.properties.add(Property(name=PropertyName.PackageSourceSubdirectory.value,
-                                                  value=packagesource.subdirectory))
+                component.properties.add(Property(
+                    name=PropertyName.PythonPackageSourceSubdirectory.value,
+                    value=packagesource.subdirectory))
                 purl_subpath = packagesource.subdirectory
             if isinstance(packagesource, PackageSourceVcs):
                 purl_qs['vcs_url'] = f'{packagesource.vcs}+{packagesource.url}@{packagesource.commit_id}'
-                component.properties.add(Property(name=PropertyName.PackageSourceVcsCommitId.value,
-                                                  value=packagesource.commit_id))
+                component.properties.add(Property(
+                    name=PropertyName.PythonPackageSourceVcsCommitId.value,
+                    value=packagesource.commit_id))
+                component.properties.add(Property(
+                    name=PropertyName.PoetryPackageSourceVcsCommitId.value,  # deprecated
+                    value=packagesource.commit_id))
                 if packagesource.requested_revision:
-                    component.properties.add(Property(name=PropertyName.PackageSourceVcsRequestedRevision.value,
-                                                      value=packagesource.requested_revision))
+                    component.properties.add(Property(
+                        name=PropertyName.PythonPackageSourceVcsRequestedRevision.value,
+                        value=packagesource.requested_revision))
+                    component.properties.add(Property(
+                        name=PropertyName.PoetryPackageSourceVcsRequestedRevision.value,  # deprecated
+                        value=packagesource.requested_revision))
             elif isinstance(packagesource, PackageSourceArchive):
                 if '://files.pythonhosted.org/' not in packagesource.url:
                     # skip PURL bloat, do not add implicit information
diff --git a/cyclonedx_py/_internal/pipenv.py b/cyclonedx_py/_internal/pipenv.py
index b226c106..91cf397f 100644
--- a/cyclonedx_py/_internal/pipenv.py
+++ b/cyclonedx_py/_internal/pipenv.py
@@ -187,7 +187,7 @@ def _make_bom(self, root_c: Optional['Component'],
                 ))
                 component.properties.update(
                     Property(
-                        name=PropertyName.PackageExtra.value,
+                        name=PropertyName.PythonPackageExtra.value,
                         value=normalize_packagename(package_extra)
                     ) for package_extra in package_data.get('extras', ())
                 )
diff --git a/cyclonedx_py/_internal/poetry.py b/cyclonedx_py/_internal/poetry.py
index 81be8648..36d13b6a 100644
--- a/cyclonedx_py/_internal/poetry.py
+++ b/cyclonedx_py/_internal/poetry.py
@@ -261,7 +261,7 @@ def _make_bom(self, project: 'T_NameDict', locker: 'T_NameDict',
         root_c.bom_ref.value = root_c.name
         root_c.properties.update(
             Property(
-                name=PropertyName.PackageExtra.value,
+                name=PropertyName.PythonPackageExtra.value,
                 value=extra
             ) for extra in use_extras
         )
@@ -344,7 +344,7 @@ def __add_dep(self, bom: 'Bom', lock_entry: _LockEntry, use_extras: Iterable[str
             use_extras = frozenset(map(normalize_packagename, use_extras))
             lock_entry.component.properties.update(
                 Property(
-                    name=PropertyName.PackageExtra.value,
+                    name=PropertyName.PythonPackageExtra.value,
                     value=extra
                 ) for extra in use_extras
             )
@@ -403,20 +403,30 @@ def __make_component4lock(self, package: 'T_NameDict') -> 'Component':
             description=package.get('description'),
             scope=ComponentScope.OPTIONAL if package.get('optional') else None,
             external_references=self.__extrefs4lock(package),
-            properties=filter(lambda p: p and p.value, [  # type: ignore[arg-type]
+            properties=filter(lambda p: p and p.value, (  # type: ignore[arg-type]
+                Property(
+                    name=PropertyName.PythonPackageSourceVcsRequestedRevision.value,
+                    value=source['reference']
+                ) if is_vcs and 'reference' in source else None,
+                Property(
+                    name=PropertyName.PythonPackageSourceVcsCommitId.value,
+                    value=source['resolved_reference']
+                ) if is_vcs and 'resolved_reference' in source else None,
                 Property(  # for backwards compatibility: category -> group
                     name=PropertyName.PoetryGroup.value,
                     value=package['category']
                 ) if 'category' in package else None,
+                # region deprecated
                 Property(
-                    name=PropertyName.PoetryPackageSourceReference.value,
+                    name=PropertyName.PoetryPackageSourceReference_misspelled.value,  # deprecated
                     value=source['reference']
                 ) if is_vcs and 'reference' in source else None,
                 Property(
-                    name=PropertyName.PoetryPackageSourceResolvedReference.value,
+                    name=PropertyName.PoetryPackageSourceResolvedReference.value,  # deprecated
                     value=source['resolved_reference']
                 ) if is_vcs and 'resolved_reference' in source else None,
-            ]),
+                # endregion deprecated
+            )),
             purl=PackageURL(
                 type=PurlTypePypi,
                 name=package['name'],
diff --git a/cyclonedx_py/_internal/requirements.py b/cyclonedx_py/_internal/requirements.py
index e3634a78..a9a78f1a 100644
--- a/cyclonedx_py/_internal/requirements.py
+++ b/cyclonedx_py/_internal/requirements.py
@@ -225,7 +225,7 @@ def _make_component(self, req: 'InstallRequirement',
             ) if not is_local and name else None,
             external_references=external_references,
             properties=(Property(
-                name=PropertyName.PackageExtra.value,
+                name=PropertyName.PythonPackageExtra.value,
                 value=normalize_packagename(extra)
             ) for extra in req.extras)
         )
diff --git a/tests/_data/snapshots/environment/plain_with-urls_1.3.json.bin b/tests/_data/snapshots/environment/plain_with-urls_1.3.json.bin
index 8f0dfdf8..9429c24c 100644
--- a/tests/_data/snapshots/environment/plain_with-urls_1.3.json.bin
+++ b/tests/_data/snapshots/environment/plain_with-urls_1.3.json.bin
@@ -41,6 +41,14 @@
         {
           "name": "cdx:poetry:package:source:vcs:requested_revision",
           "value": "23.2"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "b3a5d7d68991c040615d5345bb55f61de53ba176"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "23.2"
         }
       ],
       "purl": "pkg:pypi/packaging@23.2?vcs_url=git%2Bhttps://github.com/pypa/packaging.git%40b3a5d7d68991c040615d5345bb55f61de53ba176",
diff --git a/tests/_data/snapshots/environment/plain_with-urls_1.3.xml.bin b/tests/_data/snapshots/environment/plain_with-urls_1.3.xml.bin
index aff81dc5..aed0badc 100644
--- a/tests/_data/snapshots/environment/plain_with-urls_1.3.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-urls_1.3.xml.bin
@@ -53,6 +53,8 @@
       <properties>
         <property name="cdx:poetry:package:source:vcs:commit_id">b3a5d7d68991c040615d5345bb55f61de53ba176</property>
         <property name="cdx:poetry:package:source:vcs:requested_revision">23.2</property>
+        <property name="cdx:python:package:source:vcs:commit_id">b3a5d7d68991c040615d5345bb55f61de53ba176</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">23.2</property>
       </properties>
     </component>
     <component type="library" bom-ref="six==1.16.0">
diff --git a/tests/_data/snapshots/environment/plain_with-urls_1.4.json.bin b/tests/_data/snapshots/environment/plain_with-urls_1.4.json.bin
index cd06c76a..e345e655 100644
--- a/tests/_data/snapshots/environment/plain_with-urls_1.4.json.bin
+++ b/tests/_data/snapshots/environment/plain_with-urls_1.4.json.bin
@@ -41,6 +41,14 @@
         {
           "name": "cdx:poetry:package:source:vcs:requested_revision",
           "value": "23.2"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "b3a5d7d68991c040615d5345bb55f61de53ba176"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "23.2"
         }
       ],
       "purl": "pkg:pypi/packaging@23.2?vcs_url=git%2Bhttps://github.com/pypa/packaging.git%40b3a5d7d68991c040615d5345bb55f61de53ba176",
diff --git a/tests/_data/snapshots/environment/plain_with-urls_1.4.xml.bin b/tests/_data/snapshots/environment/plain_with-urls_1.4.xml.bin
index f388a968..28b52284 100644
--- a/tests/_data/snapshots/environment/plain_with-urls_1.4.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-urls_1.4.xml.bin
@@ -80,6 +80,8 @@
       <properties>
         <property name="cdx:poetry:package:source:vcs:commit_id">b3a5d7d68991c040615d5345bb55f61de53ba176</property>
         <property name="cdx:poetry:package:source:vcs:requested_revision">23.2</property>
+        <property name="cdx:python:package:source:vcs:commit_id">b3a5d7d68991c040615d5345bb55f61de53ba176</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">23.2</property>
       </properties>
     </component>
     <component type="library" bom-ref="six==1.16.0">
diff --git a/tests/_data/snapshots/environment/plain_with-urls_1.5.json.bin b/tests/_data/snapshots/environment/plain_with-urls_1.5.json.bin
index ebef0b76..e9057aaf 100644
--- a/tests/_data/snapshots/environment/plain_with-urls_1.5.json.bin
+++ b/tests/_data/snapshots/environment/plain_with-urls_1.5.json.bin
@@ -41,6 +41,14 @@
         {
           "name": "cdx:poetry:package:source:vcs:requested_revision",
           "value": "23.2"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "b3a5d7d68991c040615d5345bb55f61de53ba176"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "23.2"
         }
       ],
       "purl": "pkg:pypi/packaging@23.2?vcs_url=git%2Bhttps://github.com/pypa/packaging.git%40b3a5d7d68991c040615d5345bb55f61de53ba176",
diff --git a/tests/_data/snapshots/environment/plain_with-urls_1.5.xml.bin b/tests/_data/snapshots/environment/plain_with-urls_1.5.xml.bin
index 413bef66..dda892d6 100644
--- a/tests/_data/snapshots/environment/plain_with-urls_1.5.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-urls_1.5.xml.bin
@@ -80,6 +80,8 @@
       <properties>
         <property name="cdx:poetry:package:source:vcs:commit_id">b3a5d7d68991c040615d5345bb55f61de53ba176</property>
         <property name="cdx:poetry:package:source:vcs:requested_revision">23.2</property>
+        <property name="cdx:python:package:source:vcs:commit_id">b3a5d7d68991c040615d5345bb55f61de53ba176</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">23.2</property>
       </properties>
     </component>
     <component type="library" bom-ref="six==1.16.0">
diff --git a/tests/_data/snapshots/environment/plain_with-urls_1.6.json.bin b/tests/_data/snapshots/environment/plain_with-urls_1.6.json.bin
index c7106498..26660354 100644
--- a/tests/_data/snapshots/environment/plain_with-urls_1.6.json.bin
+++ b/tests/_data/snapshots/environment/plain_with-urls_1.6.json.bin
@@ -43,6 +43,14 @@
         {
           "name": "cdx:poetry:package:source:vcs:requested_revision",
           "value": "23.2"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "b3a5d7d68991c040615d5345bb55f61de53ba176"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "23.2"
         }
       ],
       "purl": "pkg:pypi/packaging@23.2?vcs_url=git%2Bhttps://github.com/pypa/packaging.git%40b3a5d7d68991c040615d5345bb55f61de53ba176",
diff --git a/tests/_data/snapshots/environment/plain_with-urls_1.6.xml.bin b/tests/_data/snapshots/environment/plain_with-urls_1.6.xml.bin
index d79d1059..1b7efbd2 100644
--- a/tests/_data/snapshots/environment/plain_with-urls_1.6.xml.bin
+++ b/tests/_data/snapshots/environment/plain_with-urls_1.6.xml.bin
@@ -80,6 +80,8 @@
       <properties>
         <property name="cdx:poetry:package:source:vcs:commit_id">b3a5d7d68991c040615d5345bb55f61de53ba176</property>
         <property name="cdx:poetry:package:source:vcs:requested_revision">23.2</property>
+        <property name="cdx:python:package:source:vcs:commit_id">b3a5d7d68991c040615d5345bb55f61de53ba176</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">23.2</property>
       </properties>
     </component>
     <component type="library" bom-ref="six==1.16.0">
diff --git a/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.3.json.bin b/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.3.json.bin
index 0c50abfe..7884c176 100644
--- a/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.3.json.bin
+++ b/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.3.json.bin
@@ -23,6 +23,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "2.3.5"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "5a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "2.3.5"
         }
       ],
       "purl": "pkg:pypi/pathlib2@2.3.5?vcs_url=git%2Bhttps://github.com/jazzband/pathlib2.git%405a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6",
diff --git a/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.3.xml.bin b/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.3.xml.bin
index adc951da..24a86ce4 100644
--- a/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.3.xml.bin
+++ b/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.3.xml.bin
@@ -38,6 +38,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">5a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6</property>
         <property name="cdx:poetry:source:package:reference">2.3.5</property>
+        <property name="cdx:python:package:source:vcs:commit_id">5a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">2.3.5</property>
       </properties>
     </component>
     <component type="library" bom-ref="pathlib2@2.3.5">
diff --git a/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.4.json.bin b/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.4.json.bin
index 20cedb8e..54833efe 100644
--- a/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.4.json.bin
+++ b/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.4.json.bin
@@ -23,6 +23,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "2.3.5"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "5a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "2.3.5"
         }
       ],
       "purl": "pkg:pypi/pathlib2@2.3.5?vcs_url=git%2Bhttps://github.com/jazzband/pathlib2.git%405a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6",
diff --git a/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.4.xml.bin b/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.4.xml.bin
index b54a5a71..31f531ee 100644
--- a/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.4.xml.bin
+++ b/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.4.xml.bin
@@ -65,6 +65,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">5a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6</property>
         <property name="cdx:poetry:source:package:reference">2.3.5</property>
+        <property name="cdx:python:package:source:vcs:commit_id">5a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">2.3.5</property>
       </properties>
     </component>
     <component type="library" bom-ref="pathlib2@2.3.5">
diff --git a/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.5.json.bin b/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.5.json.bin
index 6deee8fb..9dd944e9 100644
--- a/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.5.json.bin
+++ b/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.5.json.bin
@@ -23,6 +23,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "2.3.5"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "5a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "2.3.5"
         }
       ],
       "purl": "pkg:pypi/pathlib2@2.3.5?vcs_url=git%2Bhttps://github.com/jazzband/pathlib2.git%405a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6",
diff --git a/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.5.xml.bin b/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.5.xml.bin
index 615e5089..d8b53908 100644
--- a/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.5.xml.bin
+++ b/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.5.xml.bin
@@ -65,6 +65,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">5a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6</property>
         <property name="cdx:poetry:source:package:reference">2.3.5</property>
+        <property name="cdx:python:package:source:vcs:commit_id">5a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">2.3.5</property>
       </properties>
     </component>
     <component type="library" bom-ref="pathlib2@2.3.5">
diff --git a/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.6.json.bin b/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.6.json.bin
index 8cc093c4..3587e51e 100644
--- a/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.6.json.bin
+++ b/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.6.json.bin
@@ -23,6 +23,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "2.3.5"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "5a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "2.3.5"
         }
       ],
       "purl": "pkg:pypi/pathlib2@2.3.5?vcs_url=git%2Bhttps://github.com/jazzband/pathlib2.git%405a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6",
diff --git a/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.6.xml.bin b/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.6.xml.bin
index 4bddb967..466fdce6 100644
--- a/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.6.xml.bin
+++ b/tests/_data/snapshots/poetry/plain_multi-constraint-deps_lock20_1.6.xml.bin
@@ -65,6 +65,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">5a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6</property>
         <property name="cdx:poetry:source:package:reference">2.3.5</property>
+        <property name="cdx:python:package:source:vcs:commit_id">5a6a88db3cc1d08dbc86fbe15edfb69fb5f5a3d6</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">2.3.5</property>
       </properties>
     </component>
     <component type="library" bom-ref="pathlib2@2.3.5">
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.3.json.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.3.json.bin
index 14c3ba63..125fbde1 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.3.json.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.3.json.bin
@@ -19,6 +19,10 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "da59ad000d1405eaecd557175e29083a87d19f7c"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "da59ad000d1405eaecd557175e29083a87d19f7c"
         }
       ],
       "purl": "pkg:pypi/pillow@10.1.0?vcs_url=git%2Bhttps://github.com/python-pillow/Pillow.git%40da59ad000d1405eaecd557175e29083a87d19f7c",
@@ -65,6 +69,10 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "65486e4383f9f411da95937451205d3c7b61b9e1"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "65486e4383f9f411da95937451205d3c7b61b9e1"
         }
       ],
       "purl": "pkg:pypi/six@1.16.0?vcs_url=git%2Bssh://git%40github.com/benjaminp/six.git%4065486e4383f9f411da95937451205d3c7b61b9e1",
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.3.xml.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.3.xml.bin
index 28c2d00e..738b0549 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.3.xml.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.3.xml.bin
@@ -37,6 +37,7 @@
       <properties>
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:source:package:reference">da59ad000d1405eaecd557175e29083a87d19f7c</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">da59ad000d1405eaecd557175e29083a87d19f7c</property>
       </properties>
     </component>
     <component type="library" bom-ref="numpy@1.24.4">
@@ -68,6 +69,7 @@
       <properties>
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:source:package:reference">65486e4383f9f411da95937451205d3c7b61b9e1</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">65486e4383f9f411da95937451205d3c7b61b9e1</property>
       </properties>
     </component>
     <component type="library" bom-ref="wxPython@4.2.2a1.dev5618+1f82021f">
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.4.json.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.4.json.bin
index 5a0767f9..4733e13e 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.4.json.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.4.json.bin
@@ -19,6 +19,10 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "da59ad000d1405eaecd557175e29083a87d19f7c"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "da59ad000d1405eaecd557175e29083a87d19f7c"
         }
       ],
       "purl": "pkg:pypi/pillow@10.1.0?vcs_url=git%2Bhttps://github.com/python-pillow/Pillow.git%40da59ad000d1405eaecd557175e29083a87d19f7c",
@@ -65,6 +69,10 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "65486e4383f9f411da95937451205d3c7b61b9e1"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "65486e4383f9f411da95937451205d3c7b61b9e1"
         }
       ],
       "purl": "pkg:pypi/six@1.16.0?vcs_url=git%2Bssh://git%40github.com/benjaminp/six.git%4065486e4383f9f411da95937451205d3c7b61b9e1",
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.4.xml.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.4.xml.bin
index 7cea5129..8d3f34c1 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.4.xml.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.4.xml.bin
@@ -64,6 +64,7 @@
       <properties>
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:source:package:reference">da59ad000d1405eaecd557175e29083a87d19f7c</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">da59ad000d1405eaecd557175e29083a87d19f7c</property>
       </properties>
     </component>
     <component type="library" bom-ref="numpy@1.24.4">
@@ -95,6 +96,7 @@
       <properties>
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:source:package:reference">65486e4383f9f411da95937451205d3c7b61b9e1</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">65486e4383f9f411da95937451205d3c7b61b9e1</property>
       </properties>
     </component>
     <component type="library" bom-ref="wxPython@4.2.2a1.dev5618+1f82021f">
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.5.json.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.5.json.bin
index ef00a489..0df8c5a0 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.5.json.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.5.json.bin
@@ -19,6 +19,10 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "da59ad000d1405eaecd557175e29083a87d19f7c"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "da59ad000d1405eaecd557175e29083a87d19f7c"
         }
       ],
       "purl": "pkg:pypi/pillow@10.1.0?vcs_url=git%2Bhttps://github.com/python-pillow/Pillow.git%40da59ad000d1405eaecd557175e29083a87d19f7c",
@@ -65,6 +69,10 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "65486e4383f9f411da95937451205d3c7b61b9e1"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "65486e4383f9f411da95937451205d3c7b61b9e1"
         }
       ],
       "purl": "pkg:pypi/six@1.16.0?vcs_url=git%2Bssh://git%40github.com/benjaminp/six.git%4065486e4383f9f411da95937451205d3c7b61b9e1",
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.5.xml.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.5.xml.bin
index 05f94424..417afd85 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.5.xml.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.5.xml.bin
@@ -64,6 +64,7 @@
       <properties>
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:source:package:reference">da59ad000d1405eaecd557175e29083a87d19f7c</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">da59ad000d1405eaecd557175e29083a87d19f7c</property>
       </properties>
     </component>
     <component type="library" bom-ref="numpy@1.24.4">
@@ -95,6 +96,7 @@
       <properties>
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:source:package:reference">65486e4383f9f411da95937451205d3c7b61b9e1</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">65486e4383f9f411da95937451205d3c7b61b9e1</property>
       </properties>
     </component>
     <component type="library" bom-ref="wxPython@4.2.2a1.dev5618+1f82021f">
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.6.json.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.6.json.bin
index 026a2175..275a833b 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.6.json.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.6.json.bin
@@ -19,6 +19,10 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "da59ad000d1405eaecd557175e29083a87d19f7c"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "da59ad000d1405eaecd557175e29083a87d19f7c"
         }
       ],
       "purl": "pkg:pypi/pillow@10.1.0?vcs_url=git%2Bhttps://github.com/python-pillow/Pillow.git%40da59ad000d1405eaecd557175e29083a87d19f7c",
@@ -65,6 +69,10 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "65486e4383f9f411da95937451205d3c7b61b9e1"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "65486e4383f9f411da95937451205d3c7b61b9e1"
         }
       ],
       "purl": "pkg:pypi/six@1.16.0?vcs_url=git%2Bssh://git%40github.com/benjaminp/six.git%4065486e4383f9f411da95937451205d3c7b61b9e1",
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.6.xml.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.6.xml.bin
index db2ede0d..7a1cc909 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.6.xml.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock10_1.6.xml.bin
@@ -64,6 +64,7 @@
       <properties>
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:source:package:reference">da59ad000d1405eaecd557175e29083a87d19f7c</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">da59ad000d1405eaecd557175e29083a87d19f7c</property>
       </properties>
     </component>
     <component type="library" bom-ref="numpy@1.24.4">
@@ -95,6 +96,7 @@
       <properties>
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:source:package:reference">65486e4383f9f411da95937451205d3c7b61b9e1</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">65486e4383f9f411da95937451205d3c7b61b9e1</property>
       </properties>
     </component>
     <component type="library" bom-ref="wxPython@4.2.2a1.dev5618+1f82021f">
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.3.json.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.3.json.bin
index b4d0630d..6a45b5ae 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.3.json.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.3.json.bin
@@ -23,6 +23,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "10.1.0"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "da59ad000d1405eaecd557175e29083a87d19f7c"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "10.1.0"
         }
       ],
       "purl": "pkg:pypi/pillow@10.1.0?vcs_url=git%2Bhttps://github.com/python-pillow/Pillow.git%40da59ad000d1405eaecd557175e29083a87d19f7c",
@@ -73,6 +81,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "1.16.0"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "65486e4383f9f411da95937451205d3c7b61b9e1"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "1.16.0"
         }
       ],
       "purl": "pkg:pypi/six@1.16.0?vcs_url=git%2Bssh://git%40github.com/benjaminp/six.git%4065486e4383f9f411da95937451205d3c7b61b9e1",
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.3.xml.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.3.xml.bin
index ad79f909..6c701dad 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.3.xml.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.3.xml.bin
@@ -38,6 +38,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">da59ad000d1405eaecd557175e29083a87d19f7c</property>
         <property name="cdx:poetry:source:package:reference">10.1.0</property>
+        <property name="cdx:python:package:source:vcs:commit_id">da59ad000d1405eaecd557175e29083a87d19f7c</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">10.1.0</property>
       </properties>
     </component>
     <component type="library" bom-ref="numpy@1.24.4">
@@ -70,6 +72,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">65486e4383f9f411da95937451205d3c7b61b9e1</property>
         <property name="cdx:poetry:source:package:reference">1.16.0</property>
+        <property name="cdx:python:package:source:vcs:commit_id">65486e4383f9f411da95937451205d3c7b61b9e1</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">1.16.0</property>
       </properties>
     </component>
     <component type="library" bom-ref="wxPython@4.2.2a1.dev5618+1f82021f">
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.4.json.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.4.json.bin
index daadddcc..871ac352 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.4.json.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.4.json.bin
@@ -23,6 +23,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "10.1.0"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "da59ad000d1405eaecd557175e29083a87d19f7c"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "10.1.0"
         }
       ],
       "purl": "pkg:pypi/pillow@10.1.0?vcs_url=git%2Bhttps://github.com/python-pillow/Pillow.git%40da59ad000d1405eaecd557175e29083a87d19f7c",
@@ -73,6 +81,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "1.16.0"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "65486e4383f9f411da95937451205d3c7b61b9e1"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "1.16.0"
         }
       ],
       "purl": "pkg:pypi/six@1.16.0?vcs_url=git%2Bssh://git%40github.com/benjaminp/six.git%4065486e4383f9f411da95937451205d3c7b61b9e1",
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.4.xml.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.4.xml.bin
index 7e01c20b..16fdcdcb 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.4.xml.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.4.xml.bin
@@ -65,6 +65,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">da59ad000d1405eaecd557175e29083a87d19f7c</property>
         <property name="cdx:poetry:source:package:reference">10.1.0</property>
+        <property name="cdx:python:package:source:vcs:commit_id">da59ad000d1405eaecd557175e29083a87d19f7c</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">10.1.0</property>
       </properties>
     </component>
     <component type="library" bom-ref="numpy@1.24.4">
@@ -97,6 +99,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">65486e4383f9f411da95937451205d3c7b61b9e1</property>
         <property name="cdx:poetry:source:package:reference">1.16.0</property>
+        <property name="cdx:python:package:source:vcs:commit_id">65486e4383f9f411da95937451205d3c7b61b9e1</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">1.16.0</property>
       </properties>
     </component>
     <component type="library" bom-ref="wxPython@4.2.2a1.dev5618+1f82021f">
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.5.json.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.5.json.bin
index 1a98f44c..740d9bff 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.5.json.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.5.json.bin
@@ -23,6 +23,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "10.1.0"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "da59ad000d1405eaecd557175e29083a87d19f7c"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "10.1.0"
         }
       ],
       "purl": "pkg:pypi/pillow@10.1.0?vcs_url=git%2Bhttps://github.com/python-pillow/Pillow.git%40da59ad000d1405eaecd557175e29083a87d19f7c",
@@ -73,6 +81,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "1.16.0"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "65486e4383f9f411da95937451205d3c7b61b9e1"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "1.16.0"
         }
       ],
       "purl": "pkg:pypi/six@1.16.0?vcs_url=git%2Bssh://git%40github.com/benjaminp/six.git%4065486e4383f9f411da95937451205d3c7b61b9e1",
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.5.xml.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.5.xml.bin
index 076add61..418b550c 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.5.xml.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.5.xml.bin
@@ -65,6 +65,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">da59ad000d1405eaecd557175e29083a87d19f7c</property>
         <property name="cdx:poetry:source:package:reference">10.1.0</property>
+        <property name="cdx:python:package:source:vcs:commit_id">da59ad000d1405eaecd557175e29083a87d19f7c</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">10.1.0</property>
       </properties>
     </component>
     <component type="library" bom-ref="numpy@1.24.4">
@@ -97,6 +99,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">65486e4383f9f411da95937451205d3c7b61b9e1</property>
         <property name="cdx:poetry:source:package:reference">1.16.0</property>
+        <property name="cdx:python:package:source:vcs:commit_id">65486e4383f9f411da95937451205d3c7b61b9e1</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">1.16.0</property>
       </properties>
     </component>
     <component type="library" bom-ref="wxPython@4.2.2a1.dev5618+1f82021f">
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.6.json.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.6.json.bin
index e9861358..ee1e498f 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.6.json.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.6.json.bin
@@ -23,6 +23,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "10.1.0"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "da59ad000d1405eaecd557175e29083a87d19f7c"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "10.1.0"
         }
       ],
       "purl": "pkg:pypi/pillow@10.1.0?vcs_url=git%2Bhttps://github.com/python-pillow/Pillow.git%40da59ad000d1405eaecd557175e29083a87d19f7c",
@@ -73,6 +81,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "1.16.0"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "65486e4383f9f411da95937451205d3c7b61b9e1"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "1.16.0"
         }
       ],
       "purl": "pkg:pypi/six@1.16.0?vcs_url=git%2Bssh://git%40github.com/benjaminp/six.git%4065486e4383f9f411da95937451205d3c7b61b9e1",
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.6.xml.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.6.xml.bin
index 6aca0bec..01b7a02c 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.6.xml.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock11_1.6.xml.bin
@@ -65,6 +65,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">da59ad000d1405eaecd557175e29083a87d19f7c</property>
         <property name="cdx:poetry:source:package:reference">10.1.0</property>
+        <property name="cdx:python:package:source:vcs:commit_id">da59ad000d1405eaecd557175e29083a87d19f7c</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">10.1.0</property>
       </properties>
     </component>
     <component type="library" bom-ref="numpy@1.24.4">
@@ -97,6 +99,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">65486e4383f9f411da95937451205d3c7b61b9e1</property>
         <property name="cdx:poetry:source:package:reference">1.16.0</property>
+        <property name="cdx:python:package:source:vcs:commit_id">65486e4383f9f411da95937451205d3c7b61b9e1</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">1.16.0</property>
       </properties>
     </component>
     <component type="library" bom-ref="wxPython@4.2.2a1.dev5618+1f82021f">
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.3.json.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.3.json.bin
index 4b7970f5..27573afa 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.3.json.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.3.json.bin
@@ -23,6 +23,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "10.1.0"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "da59ad000d1405eaecd557175e29083a87d19f7c"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "10.1.0"
         }
       ],
       "purl": "pkg:pypi/pillow@10.1.0?vcs_url=git%2Bhttps://github.com/python-pillow/Pillow.git%40da59ad000d1405eaecd557175e29083a87d19f7c",
@@ -79,6 +87,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "1.16.0"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "65486e4383f9f411da95937451205d3c7b61b9e1"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "1.16.0"
         }
       ],
       "purl": "pkg:pypi/six@1.16.0?vcs_url=git%2Bssh://git%40github.com/benjaminp/six.git%4065486e4383f9f411da95937451205d3c7b61b9e1",
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.3.xml.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.3.xml.bin
index 530aa048..c9c5d25b 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.3.xml.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.3.xml.bin
@@ -38,6 +38,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">da59ad000d1405eaecd557175e29083a87d19f7c</property>
         <property name="cdx:poetry:source:package:reference">10.1.0</property>
+        <property name="cdx:python:package:source:vcs:commit_id">da59ad000d1405eaecd557175e29083a87d19f7c</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">10.1.0</property>
       </properties>
     </component>
     <component type="library" bom-ref="numpy@1.24.4">
@@ -73,6 +75,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">65486e4383f9f411da95937451205d3c7b61b9e1</property>
         <property name="cdx:poetry:source:package:reference">1.16.0</property>
+        <property name="cdx:python:package:source:vcs:commit_id">65486e4383f9f411da95937451205d3c7b61b9e1</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">1.16.0</property>
       </properties>
     </component>
     <component type="library" bom-ref="wxPython@4.2.2a1.dev5618+1f82021f">
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.4.json.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.4.json.bin
index 9d6e60d9..cfbf70af 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.4.json.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.4.json.bin
@@ -23,6 +23,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "10.1.0"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "da59ad000d1405eaecd557175e29083a87d19f7c"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "10.1.0"
         }
       ],
       "purl": "pkg:pypi/pillow@10.1.0?vcs_url=git%2Bhttps://github.com/python-pillow/Pillow.git%40da59ad000d1405eaecd557175e29083a87d19f7c",
@@ -79,6 +87,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "1.16.0"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "65486e4383f9f411da95937451205d3c7b61b9e1"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "1.16.0"
         }
       ],
       "purl": "pkg:pypi/six@1.16.0?vcs_url=git%2Bssh://git%40github.com/benjaminp/six.git%4065486e4383f9f411da95937451205d3c7b61b9e1",
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.4.xml.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.4.xml.bin
index 702b929e..25ac8f04 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.4.xml.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.4.xml.bin
@@ -65,6 +65,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">da59ad000d1405eaecd557175e29083a87d19f7c</property>
         <property name="cdx:poetry:source:package:reference">10.1.0</property>
+        <property name="cdx:python:package:source:vcs:commit_id">da59ad000d1405eaecd557175e29083a87d19f7c</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">10.1.0</property>
       </properties>
     </component>
     <component type="library" bom-ref="numpy@1.24.4">
@@ -100,6 +102,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">65486e4383f9f411da95937451205d3c7b61b9e1</property>
         <property name="cdx:poetry:source:package:reference">1.16.0</property>
+        <property name="cdx:python:package:source:vcs:commit_id">65486e4383f9f411da95937451205d3c7b61b9e1</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">1.16.0</property>
       </properties>
     </component>
     <component type="library" bom-ref="wxPython@4.2.2a1.dev5618+1f82021f">
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.5.json.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.5.json.bin
index a90489ee..779461c8 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.5.json.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.5.json.bin
@@ -23,6 +23,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "10.1.0"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "da59ad000d1405eaecd557175e29083a87d19f7c"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "10.1.0"
         }
       ],
       "purl": "pkg:pypi/pillow@10.1.0?vcs_url=git%2Bhttps://github.com/python-pillow/Pillow.git%40da59ad000d1405eaecd557175e29083a87d19f7c",
@@ -79,6 +87,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "1.16.0"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "65486e4383f9f411da95937451205d3c7b61b9e1"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "1.16.0"
         }
       ],
       "purl": "pkg:pypi/six@1.16.0?vcs_url=git%2Bssh://git%40github.com/benjaminp/six.git%4065486e4383f9f411da95937451205d3c7b61b9e1",
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.5.xml.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.5.xml.bin
index 8893d1ae..27c7ec1c 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.5.xml.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.5.xml.bin
@@ -65,6 +65,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">da59ad000d1405eaecd557175e29083a87d19f7c</property>
         <property name="cdx:poetry:source:package:reference">10.1.0</property>
+        <property name="cdx:python:package:source:vcs:commit_id">da59ad000d1405eaecd557175e29083a87d19f7c</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">10.1.0</property>
       </properties>
     </component>
     <component type="library" bom-ref="numpy@1.24.4">
@@ -100,6 +102,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">65486e4383f9f411da95937451205d3c7b61b9e1</property>
         <property name="cdx:poetry:source:package:reference">1.16.0</property>
+        <property name="cdx:python:package:source:vcs:commit_id">65486e4383f9f411da95937451205d3c7b61b9e1</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">1.16.0</property>
       </properties>
     </component>
     <component type="library" bom-ref="wxPython@4.2.2a1.dev5618+1f82021f">
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.6.json.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.6.json.bin
index 67a67137..e354ffa7 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.6.json.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.6.json.bin
@@ -23,6 +23,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "10.1.0"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "da59ad000d1405eaecd557175e29083a87d19f7c"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "10.1.0"
         }
       ],
       "purl": "pkg:pypi/pillow@10.1.0?vcs_url=git%2Bhttps://github.com/python-pillow/Pillow.git%40da59ad000d1405eaecd557175e29083a87d19f7c",
@@ -79,6 +87,14 @@
         {
           "name": "cdx:poetry:source:package:reference",
           "value": "1.16.0"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:commit_id",
+          "value": "65486e4383f9f411da95937451205d3c7b61b9e1"
+        },
+        {
+          "name": "cdx:python:package:source:vcs:requested_revision",
+          "value": "1.16.0"
         }
       ],
       "purl": "pkg:pypi/six@1.16.0?vcs_url=git%2Bssh://git%40github.com/benjaminp/six.git%4065486e4383f9f411da95937451205d3c7b61b9e1",
diff --git a/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.6.xml.bin b/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.6.xml.bin
index 44d5bfe7..3cb13878 100644
--- a/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.6.xml.bin
+++ b/tests/_data/snapshots/poetry/plain_with-urls_lock20_1.6.xml.bin
@@ -65,6 +65,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">da59ad000d1405eaecd557175e29083a87d19f7c</property>
         <property name="cdx:poetry:source:package:reference">10.1.0</property>
+        <property name="cdx:python:package:source:vcs:commit_id">da59ad000d1405eaecd557175e29083a87d19f7c</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">10.1.0</property>
       </properties>
     </component>
     <component type="library" bom-ref="numpy@1.24.4">
@@ -100,6 +102,8 @@
         <property name="cdx:poetry:group">main</property>
         <property name="cdx:poetry:package:source:resolved_reference">65486e4383f9f411da95937451205d3c7b61b9e1</property>
         <property name="cdx:poetry:source:package:reference">1.16.0</property>
+        <property name="cdx:python:package:source:vcs:commit_id">65486e4383f9f411da95937451205d3c7b61b9e1</property>
+        <property name="cdx:python:package:source:vcs:requested_revision">1.16.0</property>
       </properties>
     </component>
     <component type="library" bom-ref="wxPython@4.2.2a1.dev5618+1f82021f">