CycloneDX/bom-examples external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

CycloneDX/bom-examples

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/CycloneDX/bom-examples)

Close

CycloneDX / bom-examplesView on GitHubMore

• External links
• Readme badge

A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)

☆218Oct 21, 2025Updated 4 months ago

Alternatives and similar repositories for bom-examples

Users that are interested in bom-examples are comparing it to the libraries listed below

• CycloneDX / specification

  View on GitHub
  OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…
  ☆483Feb 21, 2026Updated last week
• interlynk-io / sbomqs

  View on GitHub
  sbomqs: The Comprehensive SBOM Quality & Compliance Tool
  ☆269Updated this week
• spdx / spdx-examples

  View on GitHub
  Examples of SPDX files for software combinations
  ☆143Nov 15, 2025Updated 3 months ago
• oasis-tcs / csaf

  View on GitHub
  OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secon…
  ☆210Updated this week
• CERTCC / SBOM

  View on GitHub
  Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data
  ☆66Apr 8, 2024Updated last year
• CycloneDX / cyclonedx-python-lib

  View on GitHub
  Functionality and DataModels of OWASP CycloneDX for Python
  ☆102Jan 26, 2026Updated last month
• CycloneDX / cyclonedx-cli

  View on GitHub
  CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
  ☆461Feb 10, 2026Updated 2 weeks ago
• chainguard-sandbox / bom-shelter

  View on GitHub
  A place to systematically store software bill of materials (SBOM) documents.
  ☆50Jun 1, 2023Updated 2 years ago
• nyph-infosec / daggerboard

  View on GitHub
  ☆102Sep 27, 2024Updated last year
• CycloneDX / cyclonedx-bom-repo-server

  View on GitHub
  A BOM repository server for distributing CycloneDX BOMs
  ☆87Jul 1, 2025Updated 7 months ago
• CycloneDX / cyclonedx-property-taxonomy

  View on GitHub
  A taxonomy of all official CycloneDX property namespaces and names
  ☆21Jan 15, 2026Updated last month
• CycloneDX / transparency-exchange-api

  View on GitHub
  A standard API specification for exchanging supply chain artifacts and intelligence
  ☆99Feb 20, 2026Updated last week
• eBay / sbom-scorecard

  View on GitHub
  Generate a score for your sbom to understand if it will actually be useful.
  ☆238Aug 13, 2024Updated last year
• devops-kung-fu / bomber

  View on GitHub
  Scans Software Bill of Materials (SBOMs) for security vulnerabilities
  ☆603Feb 10, 2026Updated 2 weeks ago
• ossf / sbom-everywhere

  View on GitHub
  Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
  ☆110Feb 11, 2026Updated 2 weeks ago
• sbomtools / apt2sbom

  View on GitHub
  apt2sbom python package generates SPDX or CycloneDX files from Ubuntu APT and Python packaging information
  ☆25Feb 4, 2022Updated 4 years ago
• spdx / cdx2spdx

  View on GitHub
  Utility that converts SBOM documents from CycloneDX to SPDX
  ☆33Jan 19, 2024Updated 2 years ago
• spdx / spdx-3-model

  View on GitHub
  The model for the information captured in SPDX version 3 standard.
  ☆98Updated this week
• package-url / purl-spec

  View on GitHub
  A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
  ☆978Feb 19, 2026Updated last week
• awesomeSBOM / awesome-sbom

  View on GitHub
  A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
  ☆568May 20, 2025Updated 9 months ago
• protobom / protobom

  View on GitHub
  A universal SBOM representation in protocol buffers
  ☆316Feb 18, 2026Updated last week
• OpenEoX / openeox

  View on GitHub
  This project aims to standardize the representation and management of EOL and EOS product information across the industry.
  ☆30Mar 4, 2024Updated last year
• cdxgen / cdxgen

  View on GitHub
  Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager…
  ☆908Updated this week
• aboutcode-org / purldb

  View on GitHub
  Tools to create and deploy a database of software packages metadata, origin, dependencies, and license keyed by PURLs (Package URLs). Sup…
  ☆60Feb 20, 2026Updated last week
• CycloneDX / sbom-utility

  View on GitHub
  Utility that provides an API platform for validating, querying and managing BOM data
  ☆127Jan 2, 2026Updated last month
• spdx / spdx-to-osv

  View on GitHub
  Produce an Open Source Vulnerability JSON file based on information in an SPDX document
  ☆65May 27, 2024Updated last year
• chainguard-dev / vex

  View on GitHub
  vexctl is a tool to attest VEX impact statements
  ☆45Mar 27, 2023Updated 2 years ago
• act-project / TAC

  View on GitHub
  Automating Compliance Tooling Project
  ☆22Jan 28, 2022Updated 4 years ago
• scanoss / purl2cpe

  View on GitHub
  PURL to CPE Relationship mapping project.
  ☆111Updated this week
• spdx / spdx-online-tools

  View on GitHub
  Source for the website providing online SPDX tools
  ☆71Dec 28, 2025Updated 2 months ago
• openvex / spec

  View on GitHub
  OpenVEX Specification
  ☆168Jan 16, 2026Updated last month
• spdx / ntia-conformance-checker

  View on GitHub
  Validate the SPDX SBOM against NTIA, CISA, and other minimum element requirements.
  ☆81Feb 20, 2026Updated last week
• CERTCC / SSVC

  View on GitHub
  Stakeholder-Specific Vulnerability Categorization
  ☆173Updated this week
• guacsec / guac

  View on GitHub
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,450Updated this week
• bomctl / bomctl

  View on GitHub
  Format agnostic SBOM tooling
  ☆132Nov 20, 2025Updated 3 months ago
• advanced-security / gh-sbom

  View on GitHub
  Generate SBOMs with gh CLI
  ☆199May 30, 2025Updated 8 months ago
• spdx / tools-java

  View on GitHub
  SPDX Command Line Tools using the Spdx-Java-Library
  ☆86Feb 18, 2026Updated last week
• CycloneDX / cyclonedx-core-java

  View on GitHub
  CycloneDX SBOM Model and Utils for Creating and Validating BOMs
  ☆105Feb 16, 2026Updated last week
• CycloneDX / cyclonedx-python

  View on GitHub
  CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
  ☆358Feb 21, 2026Updated last week