CycloneDX BOM Standard
Verified
We've verified that the organizationCycloneDX controls the domain:
- cyclonedx.org
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. The specification supports:
- Software Bill of Materials (SBOM)
- Software-as-a-Service Bill of Materials (SaaSBOM)
- Hardware Bill of Materials (HBOM)
- Machine Learning Bill of Materials (ML-BOM)
- Cryptography Bill of Materials (CBOM)
- Manufacturing Bill of Materials (MBOM)
- Operations Bill of Materials (OBOM)
- Vulnerability Disclosure Reports (VDR)
- Vulnerability Exploitability eXchange (VEX)
- CycloneDX Attestations (CDXA)
The CycloneDX project provides standards in XML, JSON, and Protocol Buffers, as well as a largecollection of official and community supported toolsthat create or interoperate with the standard.
The project's website has many documenteduse cases and examplesthat provide a springboard to SBOM adoption.
The project operates as ameritocracywhoseguiding principlesreinforce itsrisk-based approach to standards development.The project encouragescommunity participationin the development of thestandard and supporting tools.
Modern software is assembled using third-party and open source components. They are glued together in complex andunique ways and integrated with original code to achieve the desired functionality. An accurate inventory of allcomponents enables organizations to identify risk, allows for greater transparency, and enables rapid impact analysis.
CycloneDX was created for this purpose.
Strategic direction and maintenance of the specification is managed by the CycloneDX Core Working Group,is backed by theOWASP Foundation,and is supported by the global information security community.
PinnedLoading
- specification
specification PublicOWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, an…
- cyclonedx-python
cyclonedx-python PublicCycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
- cyclonedx-maven-plugin
cyclonedx-maven-plugin PublicCreates CycloneDX Software Bill of Materials (SBOM) from Maven projects
- cyclonedx-cli
cyclonedx-cli PublicCycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
- bom-examples
bom-examples PublicA repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)
- cyclonedx-node-module
cyclonedx-node-module Publiccreates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects
Repositories
- cyclonedx-python Public
CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
CycloneDX/cyclonedx-python’s past year of commit activity - cdxgen Public
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server
CycloneDX/cdxgen’s past year of commit activity - cyclonedx-gradle-plugin Public
Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
CycloneDX/cyclonedx-gradle-plugin’s past year of commit activity - cyclonedx-node-yarn Public
Create CycloneDX Software Bill of Materials (SBOM) from Node.js Yarn projects.
CycloneDX/cyclonedx-node-yarn’s past year of commit activity - cyclonedx-cocoapods Public
Creates CycloneDX Software Bill-of-Materials (SBOM) from Objective-C and Swift projects that use CocoaPods.
CycloneDX/cyclonedx-cocoapods’s past year of commit activity - cyclonedx-php-composer Public
Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects
CycloneDX/cyclonedx-php-composer’s past year of commit activity