concept

CycloneDX

Facts (10)

Sources
bureado/awesome-software-supply-chain-security - GitHub (github.com, GitHub), 5 facts
reference: guacsec/trustify provides a searchable abstraction over CycloneDX and SPDX SBOMs, cross-referencing them against security advisories to identify vulnerabilities.
reference: The 'Trusera/ai-bom' project is an AI Bill of Materials generator for agent workflows that scans n8n, LangGraph, and CrewAI workflows to identify AI components and generate SBOM output in CycloneDX and SPDX formats.
claim: SoftwareDesignLab/SBOM-in-a-Box is a unified platform that uses integrated open source tools for SBOM generation, conversion between the SPDX and CycloneDX formats, VEX generation, quality metrics, and SBOM comparison and merging.
claim: The OWASP CycloneDX project has launched an SBOM Exchange API.
reference: The 'cyfinoid/aibommaker' project is a client-side web tool that analyzes GitHub repositories for AI/LLM usage and generates AI Bills of Materials (AIBOMs) in CycloneDX 1.7 and SPDX 3.0.1 formats, including detection of hardware, infrastructure, and governance components.
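The facts above describe tools that consume CycloneDX documents and cross-reference their components against advisories (trustify) or emit VEX (SBOM-in-a-Box). The block below is an added example, not code from this page or from any of the projects it lists: it parses a CycloneDX JSON BOM, walks its (possibly nested) components, matches each component's Package URL against a constructed advisory list, and emits the matches as a CycloneDX-shaped VEX document. The SBOM, the advisory list, the `ADV-000x` identifiers and the `fixed_in` version comparison are all constructed assumptions for illustration; real matchers apply ecosystem-specific version rules and real advisory data.

```python
"""Cross-reference a CycloneDX JSON SBOM against advisories and emit CycloneDX VEX.

Added example; not code from the page or from trustify/SBOM-in-a-Box.
All inputs below are constructed. The advisory IDs are placeholders, not CVEs.
"""
from __future__ import annotations

import json
from collections import defaultdict
from typing import Iterator

# Constructed CycloneDX 1.5 JSON document (minimal but schema-shaped).
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "components": [
        {"type": "library", "bom-ref": "pkg:npm/lodash@4.17.20",
         "name": "lodash", "version": "4.17.20",
         "purl": "pkg:npm/lodash@4.17.20"},
        {"type": "library", "bom-ref": "pkg:maven/org.example/widget@2.3.1",
         "group": "org.example", "name": "widget", "version": "2.3.1",
         "purl": "pkg:maven/org.example/widget@2.3.1",
         # CycloneDX allows components nested inside components; walk them too.
         "components": [
             {"type": "library", "bom-ref": "pkg:maven/org.example/widget-core@1.0.0",
              "group": "org.example", "name": "widget-core", "version": "1.0.0",
              "purl": "pkg:maven/org.example/widget-core@1.0.0"},
         ]},
        # A component with no purl cannot be matched and must be reported, not dropped.
        {"type": "application", "name": "unpinned-tool"},
    ],
})

# Constructed advisories (placeholder IDs): versionless purl -> first fixed version.
SAMPLE_ADVISORIES = [
    {"id": "ADV-0001", "purl": "pkg:npm/lodash", "fixed_in": "4.17.21"},
    {"id": "ADV-0002", "purl": "pkg:maven/org.example/widget-core", "fixed_in": "1.1.0"},
    {"id": "ADV-0003", "purl": "pkg:maven/org.example/widget", "fixed_in": "2.0.0"},
]


def load_bom(text: str) -> dict:
    """Parse JSON and refuse anything that does not declare itself CycloneDX."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX" or "specVersion" not in bom:
        raise ValueError("not a CycloneDX document")
    return bom


def iter_components(components: list) -> Iterator[dict]:
    """Depth-first walk over components, including nested ones."""
    for comp in components:
        yield comp
        yield from iter_components(comp.get("components") or [])


def split_purl(purl: str) -> tuple[str, str | None]:
    """Return (purl without version/qualifiers/subpath, version or None)."""
    base = purl.split("?", 1)[0].split("#", 1)[0]
    if "@" in base:
        base, version = base.rsplit("@", 1)
        return base, version
    return base, None


def version_key(version: str) -> tuple[int, ...]:
    """Assumption: dotted numeric versions. Non-numeric parts sort lowest."""
    return tuple(int(p) if p.isdigit() else -1 for p in version.split("."))


def find_affected(bom: dict, advisories: list[dict]) -> list[dict]:
    """Match every component purl against advisories; unversioned purls count as affected."""
    by_purl: dict[str, list[dict]] = defaultdict(list)
    for adv in advisories:
        by_purl[adv["purl"]].append(adv)
    findings = []
    for comp in iter_components(bom.get("components") or []):
        purl = comp.get("purl")
        if not purl:
            continue
        base, version = split_purl(purl)
        for adv in by_purl.get(base, []):
            if version is None or version_key(version) < version_key(adv["fixed_in"]):
                findings.append({"id": adv["id"], "ref": comp.get("bom-ref", purl),
                                 "fixed_in": adv["fixed_in"]})
    return findings


def unidentified(bom: dict) -> list[str]:
    """Names of components that carry no purl and therefore could not be checked."""
    return [c.get("name", "?") for c in iter_components(bom.get("components") or [])
            if not c.get("purl")]


def to_cyclonedx_vex(bom: dict, findings: list[dict]) -> dict:
    """Emit findings as a CycloneDX document carrying a `vulnerabilities` array
    (the shape CycloneDX 1.4+ uses for VEX), each entry in state `in_triage`."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": bom["specVersion"],
        "version": 1,
        "vulnerabilities": [
            {"id": f["id"], "affects": [{"ref": f["ref"]}],
             "analysis": {"state": "in_triage"}}
            for f in findings
        ],
    }


if __name__ == "__main__":
    bom = load_bom(SAMPLE_BOM)
    hits = find_affected(bom, SAMPLE_ADVISORIES)
    print(json.dumps(to_cyclonedx_vex(bom, hits), indent=2))
    print("unmatchable components:", unidentified(bom))
```

Two points the example makes that the fact list does not: nested components are part of the CycloneDX model and a scanner that only reads the top-level `components` array silently misses them, and a component without a purl is an unverifiable gap in the SBOM that should be surfaced rather than treated as clean.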
Open source software best practices and supply chain risk ... - GOV.UK (gov.uk, Department for Science, Innovation and Technology, Mar 3, 2025), 4 facts
claim: SPDX and CycloneDX are the two primary formats for a Software Bill of Materials (SBOM).
reference: CycloneDX is an SBOM standard originating from the Open Web Application Security Project (OWASP) community, designed for application security and supply chain component analysis, and has been extended to include the software-as-a-service BOM (SaaSBOM).
claim: The data formats used to generate and consume SBOMs include Software Package Data eXchange (SPDX), CycloneDX, and Software Identification (SWID) tags.
claim: SPDX and CycloneDX are the two primary standards for Software Bills of Materials (SBOMs).
State of the Software Supply Chain Report | 10 Year Look - Sonatype (sonatype.com, Sonatype), 1 fact
claim: The publication of the CycloneDX and SPDX v3 SBOM standards, alongside global government regulations, has led to an increase in the number of open source projects publishing Software Bills of Materials (SBOMs) with their components.