OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for
cyber risk reduction. The specification supports:
- Software Bill of Materials (SBOM)
- Software-as-a-Service Bill of Materials (SaaSBOM)
- Hardware Bill of Materials (HBOM)
- Machine Learning Bill of Materials (ML-BOM)
- Manufacturing Bill of Materials (MBOM)
- Operations Bill of Materials (OBOM)
- Vulnerability Disclosure Reports (VDR)
- Vulnerability Exploitability eXchange (VEX)
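As an added example (not part of the CycloneDX project's own code or documentation), the block below builds a minimal CycloneDX 1.5 JSON document that combines an SBOM (one application with one library dependency) with a VEX statement, and runs the referential check a consumer should apply: every `ref` in `dependencies` and in a vulnerability's `affects` list must name a `bom-ref` in the document. Component names, the purl, the advisory source and the CVE id are constructed placeholders.

```python
"""Minimal CycloneDX 1.5 SBOM + VEX document and a bom-ref integrity check.
Constructed example: names, purl, source and vulnerability id are placeholders."""
import json


def build_bom() -> dict:
    """Return a small CycloneDX document whose VEX analysis states that the
    library's (placeholder) vulnerability does not affect this application."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "version": 1,
        "metadata": {
            "component": {"type": "application", "bom-ref": "app-1",
                          "name": "example-app", "version": "2.0.0"},
        },
        "components": [
            {"type": "library", "bom-ref": "lib-1", "name": "example-lib",
             "version": "1.2.3", "purl": "pkg:pypi/example-lib@1.2.3"},
        ],
        "dependencies": [{"ref": "app-1", "dependsOn": ["lib-1"]}],
        "vulnerabilities": [{
            "id": "CVE-0000-00000",                      # placeholder, not a real CVE
            "source": {"name": "example-advisory-source"},  # constructed
            "analysis": {                                # the VEX part of the document
                "state": "not_affected",
                "justification": "code_not_reachable",
            },
            "affects": [{"ref": "lib-1"}],               # must resolve to a bom-ref
        }],
    }


def dangling_refs(bom: dict) -> list:
    """Return every ref used by dependencies or VEX 'affects' entries that
    does not name a component (or the metadata component) in the document."""
    known = {c["bom-ref"] for c in bom.get("components", []) if "bom-ref" in c}
    meta = bom.get("metadata", {}).get("component", {})
    if "bom-ref" in meta:
        known.add(meta["bom-ref"])
    used = []
    for dep in bom.get("dependencies", []):
        used.append(dep["ref"])
        used.extend(dep.get("dependsOn", []))
    for vuln in bom.get("vulnerabilities", []):
        used.extend(a["ref"] for a in vuln.get("affects", []))
    return sorted({r for r in used if r not in known})


if __name__ == "__main__":
    bom = build_bom()
    print(json.dumps(bom, indent=2))
    print("dangling refs:", dangling_refs(bom))  # expected: []
```

A VEX entry whose `affects` ref does not resolve cannot be tied to any component, so a consumer should treat such a document as malformed rather than silently accept the "not_affected" claim.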
Strategic direction of the specification is managed by the CycloneDX Core Working Group. CycloneDX is backed by the OWASP Foundation, the global information security community, and Ecma Technical Committee 54 (Software & System Transparency).
The OWASP Foundation is a not-for-profit member of Ecma International and is currently pursuing international Ecma standardization of the CycloneDX specification.