Introduction

OWASP CycloneDX is a lightweight Software Bill of Materials (SBOM) standard designed for use in application security contexts and supply chain component analysis.

Strategic direction and maintenance of the specification is managed by the CycloneDX Core working group, with origins in the OWASP community.

CycloneDX Supporters, Vendors, and Projects

18F
Amass
Anchore
Apiiro
Aqua Security
Aqua Trivy
ArmorCode
BlackBerry
Buildpacks
Bytesafe
CAST Software
Chainguard
Checkmarx
Checkov
Cisco
Cloud Native Computing Foundation
Cloudsmith
CodeNotary
Contrast Security
Cybeats
Cybellum
CyberTest
Deepfence
Defect Dojo
DevOps KungFu Masters
EMBA
Eclipse
Enso Security
FOSSA
Finite State
Flexera
Fortress Information Security
GitLab
Google
Google
Google Ko
GraalVM
GrammaTech
Grype
IBM
Intel
IonChannel
JDisc
JFrog
JupiterOne
Kondukto
Kubeclarity
Kyverno
Lagoon
Lockheed Martin
Medcrypt
Medsec
Mend
MergeBase
Microfocus
NetRise
NowSecure
OWASP
OWASP Dependency-Track
Open Source Review Toolkit (ORT)
OpenRewrite
Oracle
Palo Alto Networks
RKVST
RedHat
Reliable Energy Analytics
Reliza
Revenera
ReversingLabs
Rezilion
SAP
SCANOSS
Salus
SecureStack
ServiceNow
ShiftLeft
Sigstore
Snyk
SonarSource
Sonatype
Spack
StackAware
Syft
Synopsys
Tern
Tidelift
TrustSource
VMware
Vdoo
Veracode
Xperi
gum
nexB