CycloneDX/specification external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

CycloneDX/specification

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/CycloneDX/specification)

Close

CycloneDX / specificationView on GitHubMore

• External links
• Readme badge

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

☆483Feb 21, 2026Updated last week

Alternatives and similar repositories for specification

Users that are interested in specification are comparing it to the libraries listed below

• CycloneDX / bom-examples

  View on GitHub
  A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)
  ☆218Oct 21, 2025Updated 4 months ago
• package-url / purl-spec

  View on GitHub
  A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
  ☆978Feb 19, 2026Updated last week
• CycloneDX / sbom-utility

  View on GitHub
  Utility that provides an API platform for validating, querying and managing BOM data
  ☆127Jan 2, 2026Updated last month
• OWASP / Software-Component-Verification-Standard

  View on GitHub
  Software Component Verification Standard (SCVS)
  ☆155Apr 1, 2025Updated 10 months ago
• CycloneDX / cyclonedx-cli

  View on GitHub
  CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
  ☆461Feb 10, 2026Updated 2 weeks ago
• spdx / spdx-spec

  View on GitHub
  The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.
  ☆358Updated this week
• CycloneDX / transparency-exchange-api

  View on GitHub
  A standard API specification for exchanging supply chain artifacts and intelligence
  ☆99Feb 20, 2026Updated last week
• awesomeSBOM / awesome-sbom

  View on GitHub
  A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
  ☆568May 20, 2025Updated 9 months ago
• interlynk-io / sbomqs

  View on GitHub
  sbomqs: The Comprehensive SBOM Quality & Compliance Tool
  ☆269Updated this week
• CycloneDX / cyclonedx-python

  View on GitHub
  CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
  ☆358Feb 21, 2026Updated last week
• interlynk-io / sbomasm

  View on GitHub
  sbomasm: The Complete SBOM Management Toolkit
  ☆105Updated this week
• DependencyTrack / dependency-track

  View on GitHub
  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…
  ☆3,623Updated this week
• slsa-framework / slsa

  View on GitHub
  Supply-chain Levels for Software Artifacts
  ☆1,814Feb 20, 2026Updated last week
• guacsec / guac

  View on GitHub
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,450Updated this week
• CycloneDX / cyclonedx-property-taxonomy

  View on GitHub
  A taxonomy of all official CycloneDX property namespaces and names
  ☆21Jan 15, 2026Updated last month
• CycloneDX / cyclonedx-python-lib

  View on GitHub
  Functionality and DataModels of OWASP CycloneDX for Python
  ☆102Jan 26, 2026Updated last month
• ossf / sbom-everywhere

  View on GitHub
  Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
  ☆110Feb 11, 2026Updated 2 weeks ago
• CycloneDX / cyclonedx-core-java

  View on GitHub
  CycloneDX SBOM Model and Utils for Creating and Validating BOMs
  ☆105Feb 16, 2026Updated last week
• CycloneDX / cyclonedx-bom-repo-server

  View on GitHub
  A BOM repository server for distributing CycloneDX BOMs
  ☆87Jul 1, 2025Updated 7 months ago
• cdxgen / cdxgen

  View on GitHub
  Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager…
  ☆908Updated this week
• oasis-tcs / csaf

  View on GitHub
  OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secon…
  ☆210Updated this week
• opensbom-generator / spdx-sbom-generator

  View on GitHub
  Support CI generation of SBOMs via golang tooling.
  ☆424Jan 13, 2025Updated last year
• protobom / protobom

  View on GitHub
  A universal SBOM representation in protocol buffers
  ☆316Feb 18, 2026Updated last week
• anchore / syft

  View on GitHub
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems
  ☆8,416Updated this week
• SBOM-Community / SBOM-Generation

  View on GitHub
  Reference GitHub Workflows for SBOM generation from the CISA SBOM Generation Reference Implementation Tiger Team
  ☆33Feb 2, 2026Updated 3 weeks ago
• act-project / TAC

  View on GitHub
  Automating Compliance Tooling Project
  ☆22Jan 28, 2022Updated 4 years ago
• microsoft / sbom-tool

  View on GitHub
  The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
  ☆1,984Feb 20, 2026Updated last week
• CycloneDX / cyclonedx-maven-plugin

  View on GitHub
  Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
  ☆358Jan 23, 2026Updated last month
• MediaMarktSaturn / technolinator

  View on GitHub
  GitHub app for SBOM creation using cdxgen and upload to Dependency-Track
  ☆22Updated this week
• OWASP / packman

  View on GitHub
  A documentation and tracking project with the goal of making package management systems more secure.
  ☆51Mar 5, 2021Updated 4 years ago
• eBay / sbom-scorecard

  View on GitHub
  Generate a score for your sbom to understand if it will actually be useful.
  ☆238Aug 13, 2024Updated last year
• scanoss / purl2cpe

  View on GitHub
  PURL to CPE Relationship mapping project.
  ☆111Updated this week
• spdx / tools-golang

  View on GitHub
  Collection of Go packages to work with SPDX files
  ☆159Updated this week
• spdx / spdx-examples

  View on GitHub
  Examples of SPDX files for software combinations
  ☆143Nov 15, 2025Updated 3 months ago
• openvex / spec

  View on GitHub
  OpenVEX Specification
  ☆168Jan 16, 2026Updated last month
• CycloneDX / cyclonedx-javascript-library

  View on GitHub
  Functionality and DataModels of OWASP CycloneDX for JavaScript (Node.js or WebBrowser) written in TypeScript.
  ☆22Updated this week
• omnibor / spec

  View on GitHub
  Specification for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.
  ☆26Nov 17, 2025Updated 3 months ago
• in-toto / witness

  View on GitHub
  Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
  ☆517Updated this week
• chainguard-sandbox / bom-shelter

  View on GitHub
  A place to systematically store software bill of materials (SBOM) documents.
  ☆50Jun 1, 2023Updated 2 years ago