---
title: README
emoji: ๐
colorFrom: blue
colorTo: indigo
sdk: static
pinned: false
short_description: CycloneDX is a modern standard for the software supply chain
---

# Welcome to the CycloneDX Community

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. The specification supports:

* Software Bill of Materials (SBOM)
* Software-as-a-Service Bill of Materials (SaaSBOM)
* Hardware Bill of Materials (HBOM)
* Machine Learning Bill of Materials (ML-BOM)
* Cryptography Bill of Materials (CBOM)
* Manufacturing Bill of Materials (MBOM)
* Operations Bill of Materials (OBOM)
* Vulnerability Disclosure Reports (VDR)
* Vulnerability Exploitability eXchange (VEX)
* CycloneDX Attestations (CDXA)

The CycloneDX project provides standards in XML, JSON, and Protocol Buffers, as well as a large
[collection of official and community supported tools](https://cyclonedx.org/tool-center/)
that create or interoperate with the standard.

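To make the JSON form of the standard concrete, here is an added example (written for this page, not code from the CycloneDX project or its libraries) that assembles a minimal CycloneDX 1.5 JSON document containing one SBOM component and one VEX-style vulnerability analysis entry, then runs a few consistency checks over it: required top-level fields are present, every component carries a Package URL, every `affects.ref` in a vulnerability resolves to a declared `bom-ref`, and the analysis state is one of the values the specification enumerates. The package name, artifact bytes and vulnerability id are constructed placeholders. The checks use only the Python standard library; they are a structural sanity check, not a substitute for validating against the JSON Schema the project publishes.

```python
"""Build and sanity-check a minimal CycloneDX JSON SBOM with a VEX entry.

Added example for this page; not the CycloneDX project's own code.
Sample component and vulnerability values below are constructed, not real.
"""
import copy
import hashlib
import json
import uuid
from datetime import datetime, timezone

REQUIRED_TOP_LEVEL = ("bomFormat", "specVersion", "version")
# Analysis states defined by the CycloneDX vulnerability model.
VALID_ANALYSIS_STATES = {
    "resolved", "resolved_with_pedigree", "exploitable",
    "in_triage", "false_positive", "not_affected",
}


def make_component(name: str, version: str, purl: str, payload: bytes) -> dict:
    """One library entry: name/version, Package URL, SHA-256 of the artifact bytes."""
    return {
        "type": "library",
        "bom-ref": purl,  # VEX entries point at this component through bom-ref
        "name": name,
        "version": version,
        "purl": purl,
        "hashes": [{"alg": "SHA-256", "content": hashlib.sha256(payload).hexdigest()}],
    }


def make_bom(components: list, vulnerabilities: list) -> dict:
    """Assemble the document: inventory (SBOM) plus exploitability analysis (VEX)."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "metadata": {
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "component": {"type": "application", "name": "example-app", "version": "1.0.0"},
        },
        "components": components,
        "vulnerabilities": vulnerabilities,
    }


def check_bom(bom: dict) -> list:
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    for key in REQUIRED_TOP_LEVEL:
        if key not in bom:
            problems.append(f"missing top-level field: {key}")
    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat must be 'CycloneDX'")
    refs = set()
    for comp in bom.get("components", []):
        if "purl" not in comp:
            problems.append(f"component {comp.get('name')!r} has no purl")
        if "bom-ref" in comp:
            refs.add(comp["bom-ref"])
    for vuln in bom.get("vulnerabilities", []):
        # A VEX statement about a component that is not in the inventory is meaningless.
        for target in vuln.get("affects", []):
            if target.get("ref") not in refs:
                problems.append(f"{vuln.get('id')} affects unknown ref {target.get('ref')!r}")
        state = vuln.get("analysis", {}).get("state")
        if state is not None and state not in VALID_ANALYSIS_STATES:
            problems.append(f"{vuln.get('id')} has unknown analysis state {state!r}")
    return problems


# Constructed sample data: a fake package and a placeholder vulnerability id.
SAMPLE_PURL = "pkg:pypi/example-lib@2.3.1"
SAMPLE_COMPONENTS = [make_component("example-lib", "2.3.1", SAMPLE_PURL, b"fake artifact bytes")]
SAMPLE_VEX = [{
    "id": "CVE-0000-00000",  # placeholder, not a real advisory
    "source": {"name": "example-db"},
    "affects": [{"ref": SAMPLE_PURL}],
    "analysis": {"state": "not_affected", "justification": "code_not_reachable"},
}]


def sample_bom() -> dict:
    """Fresh copy each call so callers may mutate it to simulate defects."""
    return make_bom(copy.deepcopy(SAMPLE_COMPONENTS), copy.deepcopy(SAMPLE_VEX))


if __name__ == "__main__":
    bom = sample_bom()
    print(json.dumps(bom, indent=2))
    print("problems:", check_bom(bom))
```

Running the file prints the document and an empty problem list; editing the VEX entry to reference a Package URL that is not in `components`, or to use an analysis state outside the enumeration, makes `check_bom` report it, which is the kind of cross-check a consumer wants before trusting a VEX claim attached to an SBOM.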
The project's website has many documented [use cases and examples](https://cyclonedx.org/use-cases/)
that provide a springboard to SBOM adoption.

The project operates as a [meritocracy](https://cyclonedx.org/about/governance/)
whose [guiding principles](https://cyclonedx.org/about/guiding-principles/)
reinforce its [risk-based approach to standards development](https://cyclonedx.org/participate/standardization-process/).
The project encourages [community participation](https://cyclonedx.org/participate/contribute)
in the development of the [standard and supporting tools](https://github.com/CycloneDX).

## Background

Modern software is assembled using third-party and open source components. They are glued together in complex and
unique ways and integrated with original code to achieve the desired functionality. An accurate inventory of all
components enables organizations to identify risk, allows for greater transparency, and enables rapid impact analysis.

CycloneDX was created for this purpose.

Strategic direction and maintenance of the specification are managed by the CycloneDX Core Working Group,
backed by the [OWASP Foundation](https://owasp.org),
and supported by the global information security community.