Copyright Claims

Introduction

CycloneDX introduces robust support for managing and substantiating copyrights at the component level. Through its metadata and evidence capabilities, CycloneDX allows organizations to assert ownership of copyrights explicitly for individual software components while also documenting supporting evidence. This dual approach enhances transparency, enabling effective compliance management and facilitating intellectual property due diligence.

This CycloneDX example demonstrates how to assert and document copyright details at the component level. The library "Library A" asserts its copyright as "The Acme Project" in the component's copyright field, and the copyright list under evidence supports that assertion and records additional claims from "Samantha Wright" and "Acme University." When using component assemblies, such as files within a library, this information can be combined with evidence to pinpoint exactly where each piece of evidence came from. The level of granularity is up to the BOM author, allowing flexibility based on specific requirements.

Examples

{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
  "version": 1,
  "components": [
    {
      "type": "library",
      "name": "Library A",
      "version": "3.7.1",
      "copyright": "The Acme Project",
      "evidence": {
        "copyright": [
          {
            "text": "The Acme Project"
          },
          {
            "text": "Samantha Wright"
          },
          {
            "text": "Acme University"
          }
        ]
      }
    }
  ]
}
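For BOM consumers, the following added example (not part of the CycloneDX documentation) walks a BOM, including nested component assemblies, and reports every evidence holder that the nearest asserted copyright does not name. The sample BOM is constructed from the page's "Library A" with hypothetical file names; inheriting the parent's assertion and the case-insensitive substring match are assumptions of this example, not CycloneDX rules.

```python
import json

# Constructed sample: the page's "Library A" extended with a file-level
# assembly (nested "components") so evidence sits where it was found.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "components": [{
    "type": "library", "name": "Library A", "version": "3.7.1",
    "copyright": "The Acme Project",
    "evidence": {"copyright": [{"text": "The Acme Project"}]},
    "components": [
      {"type": "file", "name": "src/parser.c",
       "evidence": {"copyright": [{"text": "Samantha Wright"}]}},
      {"type": "file", "name": "src/math.c",
       "evidence": {"copyright": [{"text": "Acme University"}]}}
    ]
  }]
}
""")

def copyright_gaps(components, asserted=None, path=()):
    """Yield (location, holder) for evidence the asserted copyright does not cover."""
    for comp in components or []:
        here = path + (comp.get("name", "<unnamed>"),)
        # Assumption: a component with no assertion inherits the enclosing one.
        claim = comp.get("copyright") or asserted
        for ev in (comp.get("evidence") or {}).get("copyright", []):
            holder = ev.get("text", "").strip()
            # Assumption: a holder is "covered" if its name appears in the claim.
            if holder and (claim is None or holder.casefold() not in claim.casefold()):
                yield " > ".join(here), holder
        # Recurse into the assembly, carrying the claim and location down.
        yield from copyright_gaps(comp.get("components"), claim, here)

def audit(bom):
    """Return a sorted list of (location, holder) gaps for a parsed BOM."""
    return sorted(copyright_gaps(bom.get("components")))

if __name__ == "__main__":
    for where, holder in audit(SAMPLE_BOM):
        print(f"{where}: evidence names '{holder}', not in asserted copyright")
```

Each reported pair is a holder to reconcile during due diligence, either by widening the asserted copyright or by confirming the evidence is stale.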