CycloneDX can help organizations manage their commercial software licenses by providing a clear understanding of what licenses are in use and which ones require renewal or additional purchases, which may impact the operational aspects of applications or systems. By leveraging CycloneDX for commercial license compliance, organizations can reduce the risks associated with license violations, enhance their license management practices, and align their SBOM practice with Software Asset Management (SAM) and IT Asset Management (ITAM) systems for enterprise visibility.
| Property | Usage Description |
|---|---|
| altIds | Maps a license in the BOM to an identifier used in procurement or SAM systems. |
| licensor | Identifies the entity granting the license rights. |
| licensee | Specifies the entity receiving the license rights. |
| purchaser | Indicates the entity responsible for acquiring the license. |
| licenseTypes | Defines the type of license, such as perpetual, subscription, or trial. |
| lastRenewal | Records the most recent renewal date of the license. |
| expiration | Specifies the date when the license will expire. |
| Name | Description |
|---|---|
| academic | A license that grants use of software solely for the purpose of education or research. |
| appliance | A license covering use of software embedded in a specific piece of hardware. |
| client-access | A Client Access License (CAL) allows client computers to access services provided by server software. |
| concurrent-user | A Concurrent User license (aka floating license) limits the number of licenses for a software application and licenses are shared among a larger number of users. |
| core-points | A license where the core of a computer's processor is assigned a specific number of points. |
| custom-metric | A license for which consumption is measured by non-standard metrics. |
| device | A license that covers a defined number of installations on computers and other types of devices. |
| evaluation | A license that grants permission to install and use software for trial purposes. |
| named-user | A license that grants access to the software to one or more pre-defined users. |
| node-locked | A license that grants access to the software on one or more pre-defined computers or devices. |
| oem | An Original Equipment Manufacturer license that is delivered with hardware, cannot be transferred to other hardware, and is valid for the life of the hardware. |
| perpetual | A license where the software is sold on a one-time basis and the licensee can use a copy of the software indefinitely. |
| processor-points | A license where each installation consumes points per processor. |
| subscription | A license where the licensee pays a fee to use the software or service. |
| user | A license that grants access to the software or service by a specified number of users. |
| other | Another license type. |
{
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
{
"type": "application",
"name": "Acme Application",
"version": "3.3.0",
"licenses": [
{
"license": {
"name": "Acme Commercial License",
"text": {
"contentType": "text/plain",
"encoding": "base64",
"content": "VGhlIHRleHQgZm9yIHRoZSBsaWNlbnNlIGdvZXMgaGVyZS4="
},
"licensing": {
"altIds": [ "ACME-ON-PREM" ],
"licensor": {
"organization": { "name": "Acme Inc" }
},
"licensee": {
"organization": { "name": "Example Co." }
},
"purchaser": {
"individual": {
"name": "Samantha Wright",
"email": "[email protected]",
"phone": "800-555-1212"
}
},
"purchaseOrder": "PO-12345",
"licenseTypes": [ "appliance" ],
"lastRenewal": "2024-04-13T20:20:39+00:00",
"expiration": "2026-04-13T20:20:39+00:00"
}
}
}
]
}
]
}