History

 

Project History

CycloneDX was designed in 2017 for use with OWASP Dependency-Track. An open-source Component Analysis platform that identifies risk in the software supply chain. The primary use-cases CycloneDX was designed to solve were vulnerability identification, license compliance, and outdated component analysis. Additional capabilities were added in subsequent releases of the specification.

The value of a full-stack Bill of Materials (BOM) specification, capable of achieving real-world usecases, transcends the boundaries of a single vendor or supplier. Therefore, a dedicated open source project was founded to develop the specification, the implementations, and move the format into widespread adoption. Today, hundreds of thousands of organizations ranging from financial services, manufacturing, government, software, and security firms are producing and consuming CycloneDX SBOMs.

Release History

Version Release Date
CycloneDX 1.5 26 June 2023
CycloneDX 1.4 12 January 2022
CycloneDX 1.3 04 May 2021
CycloneDX 1.2 26 May 2020
CycloneDX 1.1 03 March 2019
CycloneDX 1.0 26 March 2018
Initial Prototype 01 May 2017

CycloneDX Supporters

Apiiro
Contrast Security
Ecma International
Fortress Information Security
IBM
IonChannel
Kondukto
Lockheed Martin
NowSecure
OWASP
Rezilion
ServiceNow
Sonatype