CycloneDX provides a clear view of assets, helping manage dependencies and reduce operational risks.
Catalog software applications, libraries, and dependencies, capturing details such as name, version, and supplier. This enables precise vulnerability tracking and license compliance management.
Ideal for: General use; use with or without Software Composition Analysis (SCA)
Document external services, including APIs and cloud functions, to map data flows and dependencies, providing visibility into trust boundaries and operational risks.
Ideal for: Service transparency and operational dependency analysis
Maintain a catalog of machine learning models and datasets, supporting visibility into ethical considerations, security risks, and operational integrity.
Ideal for: Transparency in machine learning and ethical AI operations
Catalog hardware assets, including IoT devices, embedded systems, and their internal components like firmware, chipsets, and processors, supporting security and lifecycle tracking.
Ideal for: Security products or products with high security requirements
CycloneDX streamlines cryptographic asset tracking, reducing security gaps and supporting compliance.
Document cryptographic algorithms used for encryption, authentication, and signatures, capturing their details and compliance with evolving security standards.
Ideal for: Identifying deprecated or insecure algorithms
Maintain an inventory of digital certificates, providing critical insights into expiration, issuance, and compliance with regulatory standards.
Ideal for: Proactive certificate management and compliance
Track cryptographic keys, including their lifecycle states and usage, to maintain secure management practices and compliance with industry standards.
Ideal for: Tracking the usage of encryption keys
Catalog cryptographic protocols, capturing their implementation and dependencies to evaluate secure communication practices and compliance readiness.
Ideal for: Evaluating protocol dependencies and interactions
Visualize relationships between components using dependency graphs and structured assemblies.
Track software dependencies to understand relationships, manage risks, and optimize application performance.
Ideal for: Identifying and managing software dependency risks
Map service dependencies to analyze integrations, monitor data flows, and assess trust boundaries.
Ideal for: Analyzing service integrations and dependencies between services
Describe how components fulfill specifications or standards to analyze their roles and impact.
Ideal for: Understanding component relationships and compliance alignment
Represent assemblies of components to provide insight into system architecture and dependency structures.
Ideal for: Analyzing system architecture and dependency hierarchies
Describe the known completeness of constituent parts and dependency relationships.
Captures the known completeness of the inventory to provide clarity on system composition.
Ideal for: Providing clarity and completeness in inventory management
Captures the known completeness of component assemblies, detailing inclusions and embedded elements.
Ideal for: Providing clarity and completeness in inventory management
Captures the known completeness of dependency relationships for all direct and transitive relationships.
Ideal for: Providing clarity and completeness in inventory management
Captures the known completeness of vulnerabilities, whether as inventory for sharing or as links to affected components.
Ideal for: Providing clarity and completeness in inventory management