CycloneDX provides advanced, supply chain capabilities for cyber risk reduction
Inventory software components and services and the dependency relationships between them
Inventory services, endpoints, and data flows and classifications that power cloud-native applications
Discover, manage and report on cryptography in preparation for quantum-safe systems and applications
Convey the exploitability of vulnerable components in the context of the product in which they're used
Inventory hardware components for IoT, ICS, and other types of embedded and connected devices
Model and dataset transparency for security, privacy, safety and ethical considerations
Machine-readable statements of claims, evidence, and testimony in compliance with standards
Declared and observed formulation for reproducibility throughout product lifecycle
Full-stack inventory of runtime environments, configurations, and additional dependencies
Communicate known and unknown vulnerabilities affecting components and services
Reference components, services, or vulnerabilities in BOMs from other systems or other BOMs
Share vulnerability data between systems and sources of vulnerability intelligence
Standardizes release notes unlocking new workflows for software publishers and consumers
