CycloneDX is a lightweight Software Bill of Materials (SBOM) specification designed for use in application security
10
-
contexts and supply chain component analysis.
9
+
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. The specification supports:
10
+
* Software Bill of Materials (SBOM)
11
+
* Software-as-a-Service Bill of Materials (SaaSBOM)
12
+
* Hardware Bill of Materials (HBOM)
13
+
* Operations Bill of Materials (OBOM)
14
+
* Vulnerability Disclosure Reports (VDR)
15
+
* Vulnerability Exploitability eXchange (VEX).
11
16
12
17
13
18
## Introduction
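Review bot: The last added bullet, "* Vulnerability Exploitability eXchange (VEX).", ends with a period while the five bullets above it do not; drop the period so the list is consistent. The new opening sentence also replaces the concrete scope statement from the removed lines ("designed for use in application security contexts and supply chain component analysis") with "advanced supply chain capabilities for cyber risk reduction", which tells a reader less about what the specification is used for; consider keeping a short phrase about the security and component-analysis use alongside the new list. A blank line between "The specification supports:" and the first bullet would also keep the list rendering correctly in Markdown processors that do not let a list interrupt a paragraph.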
@@ -17,8 +22,8 @@ organizations to identify risk, allows for greater transparency, and enables rap
17
22
18
23
CycloneDX was created for this purpose.
19
24
20
-
Strategic direction and maintenance of the specification is managed by the CycloneDX Core working group, with origins
21
-
in the [OWASP](https://owasp.org) community.
25
+
Strategic direction and maintenance of the specification is managed by the CycloneDX Core Working Group, is backed by the
26
+
[OWASP Foundation](https://owasp.org), and is supported by the global information security community.
22
27
23
28
24
29
## Use Cases
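Review bot: The added sentence breaks its parallel structure after the first comma: "Strategic direction and maintenance of the specification is managed by ..., is backed by the [OWASP Foundation] ..., and is supported by ..." makes "strategic direction and maintenance" the subject of "is backed by" and "is supported by", when it is the specification itself that is backed and supported. Splitting it reads more clearly, for example: "Strategic direction and maintenance of the specification is managed by the CycloneDX Core Working Group. The specification is backed by the OWASP Foundation and supported by the global information security community."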
@@ -40,7 +45,7 @@ The following media types are officially registered with IANA:
40
45
| application/vnd.cyclonedx+xml | XML |[IANA](https://www.iana.org/assignments/media-types/application/vnd.cyclonedx+xml)|