Hardware Bill of Materials (HBOM)

 

Inventory hardware components for IoT, ICS, and other types of embedded and connected devices

CycloneDX supports many types of components, including hardware devices, making it ideal for use with consumer electronics, IoT, ICS, and other types of embedded devices. CycloneDX fills an important role between the traditional engineering BOM (eBOM) and manufacturing BOM (mBOM) use cases for hardware devices.

  • Supports device as a first-class component type
  • Utilizes a formal and extensible taxonomy that defines a wide range of hardware devices and configurations

CycloneDX can represent any type of software component and service, as well as the firmware and hardware devices in an ‘as-built’ product. A formal property taxonomy can be leveraged and extended to describe any type of hardware attribute or configuration. CycloneDX can also reference documentation that may describe the ‘recipe’ for how the product is manufactured.
Organizations, or entire industries, can also leverage multiple extension points to develop advanced models.
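
As an added illustration (not code from the CycloneDX project or its examples repository), the Python sketch below walks a constructed CycloneDX JSON BOM, lists every `device` component together with its nested `firmware`, and flags devices that lack a serial-number property. The BOM content and the `example:hw:` property names are assumptions made for this example; the official property taxonomy defines its own names.

```python
import json

# Constructed sample HBOM (not from the CycloneDX examples repository).
# "device" and "firmware" are CycloneDX component types; the property
# names under "example:hw:" are hypothetical placeholders.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "version": 1,
  "components": [
    {"type": "device", "bom-ref": "gw-1", "name": "Example Gateway Board", "version": "rev-C",
     "properties": [{"name": "example:hw:serialNumber", "value": "SN-0001"}],
     "components": [
       {"type": "device", "bom-ref": "soc-1", "name": "Example SoC",
        "components": [
          {"type": "firmware", "bom-ref": "fw-1", "name": "example-bootloader", "version": "2.1.0"}]},
       {"type": "device", "bom-ref": "radio-1", "name": "Example Radio Module",
        "properties": [{"name": "example:hw:serialNumber", "value": "SN-0002"}]}]},
    {"type": "library", "bom-ref": "lib-1", "name": "example-tls-lib", "version": "3.0.1"}
  ]
}
""")

def walk(components, path=()):
    """Yield (path, component) for every component, including nested ones."""
    for comp in components or []:
        here = path + (comp.get("name", "?"),)
        yield here, comp
        yield from walk(comp.get("components"), here)

def hardware_inventory(bom, required_prop="example:hw:serialNumber"):
    """Return device paths, firmware rows, and bom-refs of devices missing required_prop."""
    devices, firmware, missing = [], [], []
    for path, comp in walk(bom.get("components")):
        props = {p["name"]: p["value"] for p in comp.get("properties", [])}
        if comp.get("type") == "device":
            devices.append("/".join(path))
            if required_prop not in props:
                missing.append(comp.get("bom-ref"))
        elif comp.get("type") == "firmware":
            firmware.append(("/".join(path), comp.get("version")))
    return devices, firmware, missing

if __name__ == "__main__":
    devices, firmware, missing = hardware_inventory(SAMPLE_BOM)
    print(devices, firmware, missing, sep="\n")
```

The slash-separated paths show which board or chip each firmware image is built into, which is the question an asset owner asks first when a firmware advisory lands.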

High-Level Object Model

[Figure: CycloneDX Object Model Swimlane]

Examples

BOMs demonstrating HBOM capabilities can be found at https://github.com/CycloneDX/bom-examples
