CycloneDX is SBOM SaaSBOM VEX OBOM HBOM VDR

Software Bill of Materials

Software-as-a-Service Bill of Materials

Vulnerability Exploitability Exchange

Operations Bill of Materials

Hardware Bill of Materials

Vulnerability Disclosure Report

12 May 2022 - OWASP CycloneDX Launches SBOM Exchange API, Standardizing SBOM Distribution

Capabilities

CycloneDX is a modern standard for the software supply chain. Discover the many capabilities that await.

Use Cases + Examples

Explore a wide array of use cases along with corresponding examples in both XML and JSON formats.

Tool Center

Discover open source and proprietary tools and solutions that support the CycloneDX standard.

Introduction

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. The specification supports:

Software Bill of Materials (SBOM)
Software-as-a-Service Bill of Materials (SaaSBOM)
Hardware Bill of Materials (HBOM)
Operations Bill of Materials (OBOM)
Vulnerability Disclosure Reports (VDR)
Vulnerability Exploitability eXchange (VEX)

Strategic direction of the specification is managed by the CycloneDX Core Working Group, is backed by the OWASP Foundation, and is supported by the global information security community.

Capabilities

Use Cases + Examples

Tool Center

Introduction

CycloneDX Supporters, Vendors, and Projects