Machine Learning Bill of Materials (ML-BOM)

Model and dataset transparency for security, privacy, safety and ethical considerations

ML-BOMs provide transparency for machine learning models and datasets, which provide visibility into possible security, privacy, safety, and ethical considerations. CycloneDX standardizes model cards in a way where the inventory of models and datasets can be used independently or combined with the inventory of software and hardware components or services defined in HBOMs, SBOMs, and SaaSBOMs.

High-Level Object Model

CycloneDX Object Model Swimlane

Additional Capabilities

SBOM

Software Bill of Materials

Inventory software components and services and the dependency relationships between them

SaaSBOM

Software as a Service Bill of Materials

Inventory services, endpoints, and data flows and classifications that power cloud-native applications

CBOM

Cryptography Bill of Materials

Discover, manage and report on cryptography in preparation for quantum-safe systems and applications

VEX

Vulnerability Exploitability eXchange

Convey the exploitability of vulnerable components in the context of the product in which they're used

HBOM

Hardware Bill of Materials

Inventory hardware components for IoT, ICS, and other types of embedded and connected devices

ML-BOM