CycloneDX is a lightweight software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis.

Guiding Principals

Discover a unique approach to standards development that benefits the entire community.

Use Cases + Examples

Explore a wide array of use cases along with corresponding examples in both XML and JSON formats.

Tool Center

Discover open source and proprietary tools and solutions that support the CycloneDX standard.

Introduction

Modern software is assembled using third-party and open source components. They are glued together in complex and unique ways and integrated with original code to achieve the desired functionality. An accurate inventory of all components enables organizations to identify risk, allows for greater transparency, and enables rapid impact analysis.

CycloneDX was created for this purpose.

Strategic direction and maintenance of the specification is managed by the CycloneDX Core working group, with origins in the OWASP community.