CycloneDX: The International Standard for Bill of Materials (ECMA-424)
The OWASP Foundation and Ecma International Technical Committee for Software & System Transparency (TC54) drive the continued advancement of the specification.
CycloneDX is designed to provide advanced supply chain capabilities for cyber risk reduction.
Compatible with over 260 tools across 20+ programming languages, CycloneDX is trusted by enterprises, governments, and open source projects.
CycloneDX is authorized for use by medical device manufacturers.
Consumers can trust that their medical devices are manufactured securely, thanks to CycloneDX Hardware Bill of Materials (HBOM) and Software Bill of Materials (SBOM).
CycloneDX is the standard for multiple world governments and the defense industrial base.
Trusted for satellite and space systems, missile guidance systems, and algorithmic warfare, CycloneDX plays a small part in safeguarding national defense.
CycloneDX is enterprise-ready and surfaces risk for IT and OT assets.
CycloneDX is trusted by leading CMDB vendors to detect security issues in hardware, software, services, and operations.
CycloneDX offers the most advanced license support of any SBOM format.
CycloneDX can leverage SPDX license IDs and expressions, along with comprehensive commercial license support, supporting open source license compliance and Software Asset Management (SAM) use cases.
CycloneDX evolves with your project or organizational needs.
Trusted by beginners and experts, CycloneDX offers an easy on-ramp to adoption and the world's most extensive collection of tools to get started.