CycloneDX Newsroom

CycloneDX v1.7 Delivers Advanced Cryptography, Intellectual Property, and Data Provenance Transparency for the Software Supply Chain

21 October 2025

The CycloneDX Core Working Group is proud to announce the release of CycloneDX v1.7, the final version in the 1.x series and a milestone in the evolution of software and system transparency.

CycloneDX v1.6: Now an Ecma International Standard

01 July 2024

This milestone sets the stage for CycloneDX Bill of materials being available as a global xBOM (Bill of Materials) standard for use across multiple domains. CycloneDX is proud to be an OWASP Flagship standards project, and in a community development model with Ecma International’s TC54, underscoring its importance and impact in the industry.

CycloneDX v1.6 Released, Advances Software Supply Chain Security with Cryptographic Bill of Materials and Attestations

09 April 2024

OWASP Foundation today announced the availability of CycloneDX v1.6. This significant release strengthens software supply chain security with the introduction of two innovative capabilities&colon; Cryptographic Bill of Materials (CBOM) and CycloneDX Attestations (CDXA).

OWASP Foundation Joins Ecma International to Drive Software Transparency and Standardization of OWASP CycloneDX

12 October 2023

The OWASP Foundation, the global non-profit organization dedicated to improving the security of software, is thrilled to announce its membership in Ecma International, a leading standards development organization.

Introducing OWASP CycloneDX v1.5 - Advanced Bill of Materials Standard Empowering Transparency, Security, and Compliance

26 June 2023

CycloneDX v1.5 sets a new benchmark by incorporating Machine Learning transparency (ML-BOM), Formulation (MBOM), and enhanced support for Software Bill of Materials (SBOM) quality indicators, including evidence and lifecycles embracing both the Software Development Lifecycle (SDLC) and enterprise Software Asset Management (SAM).

OWASP Foundation Announces CycloneDX Project Momentum with Contribution from IBM to Advance Software Supply Chain Security

01 March 2023

Today, OWASP and IBM announced IBM’s contribution of two open source projects, SBOM Utility and License Scanner, to CycloneDX, a flagship OWASP project and a leading Bill of Materials (BOM) standard. These projects promote the validation, content analysis and accuracy of software license information included within BOMs in support of increasing trust across open hardware and software supply chains.

OWASP CycloneDX Launches SBOM Exchange API, Standardizing SBOM Distribution

12 May 2022

OWASP CycloneDX launched a BOM Exchange API aimed at solving a critical component necessary to operationalize software bill of materials (SBOM). The API standardizes how BOMs are published and retrieved independent of software ecosystem.

OWASP Expands SBOM Capabilities, Accelerating Innovation and Supply Chain Risk Reduction

12 January 2022

CycloneDX adds the ability to communicate vulnerabilities and their exploitability for software defined in a bill of materials. This capability, known as Vulnerability Exploitability Exchange (VEX), works with SBOMs, forming a comprehensive view of possible risk. Together, the combination of SBOM and VEX can significantly reduce the efforts and costs associated with vulnerability management

OWASP CycloneDX SBOM Standard Launches Educational Learning Series

16 August 2021

The OWASP CycloneDX project, creators of the leading Software Bill of Materials (SBOM) format, announced the immediate availability of the CycloneDX Learning Series. The series of short-form content provides an easy path to explore and learn the CycloneDX SBOM standard.

CycloneDX Joins OWASP Foundation as a Flagship Project

11 June 2021

The CycloneDX project, creators of the leading Software Bill of Materials (SBOM) format, announced they will be joining OWASP Foundation as a Flagship Project. This move will provide resources to the CycloneDX project while strengthening OWASP as the leading non-profit security organization providing tools, documentation, and standards.

CycloneDX v1.3 Released

04 May 2021

Continuing our risk-based approach to standards development, CycloneDX v1.3 includes several backward-compatible improvements including Compositions which describe the completeness of inventory and relationships, support for describing evidence of copyright statements and additional licenses, support for Protocol Buffers (protobuf) for highly efficient machine-to-machine transport, and support for Properties which is a name/value store allowing easy extensibility of the spec.

CycloneDX Newsroom

Learn the latest about CycloneDX. Explore our announcements, press coverage, and more.

News and Press Releases

CycloneDX v1.7 Delivers Advanced Cryptography, Intellectual Property, and Data Provenance Transparency for the Software Supply Chain

CycloneDX v1.6: Now an Ecma International Standard

CycloneDX v1.6 Released, Advances Software Supply Chain Security with Cryptographic Bill of Materials and Attestations

OWASP Foundation Joins Ecma International to Drive Software Transparency and Standardization of OWASP CycloneDX

Introducing OWASP CycloneDX v1.5 - Advanced Bill of Materials Standard Empowering Transparency, Security, and Compliance

OWASP Foundation Announces CycloneDX Project Momentum with Contribution from IBM to Advance Software Supply Chain Security

OWASP CycloneDX Launches SBOM Exchange API, Standardizing SBOM Distribution

OWASP Expands SBOM Capabilities, Accelerating Innovation and Supply Chain Risk Reduction

OWASP CycloneDX SBOM Standard Launches Educational Learning Series

CycloneDX Joins OWASP Foundation as a Flagship Project

CycloneDX v1.3 Released

CycloneDX in the News

OWASP looks to future-proof SBOMs with CycloneDX 1.6

Leading SBOM Standard CycloneDX Now Incorporates Machine Learning

A software bill of materials helps secure your supply chain

The five dimensions of SBOM quality

CycloneDX 1.5: The next big step for SBOMs and software transparency

Introducing Software Bill of Materials for Confluent Platform