CycloneDX/specification external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

CycloneDX/specification

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/CycloneDX/specification)

Close

CycloneDX / specificationView on GitHubMore

• External links
• Readme badge

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX

☆487Mar 18, 2026Updated this week

Alternatives and similar repositories for specification

Users that are interested in specification are comparing it to the libraries listed below

• CycloneDX / bom-examples

  View on GitHub
  A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)
  ☆218Oct 21, 2025Updated 4 months ago
• package-url / purl-spec

  View on GitHub
  A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
  ☆992Mar 11, 2026Updated last week
• CycloneDX / sbom-utility

  View on GitHub
  Utility that provides an API platform for validating, querying and managing BOM data
  ☆128Jan 2, 2026Updated 2 months ago
• CycloneDX / cyclonedx-cli

  View on GitHub
  CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
  ☆470Feb 10, 2026Updated last month
• spdx / spdx-spec

  View on GitHub
  The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.
  ☆361Mar 11, 2026Updated last week
• OWASP / Software-Component-Verification-Standard

  View on GitHub
  Software Component Verification Standard (SCVS)
  ☆157Apr 1, 2025Updated 11 months ago
• CycloneDX / transparency-exchange-api

  View on GitHub
  A standard API specification for exchanging supply chain artifacts and intelligence
  ☆103Mar 13, 2026Updated last week
• awesomeSBOM / awesome-sbom

  View on GitHub
  A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
  ☆572May 20, 2025Updated 10 months ago
• CycloneDX / cyclonedx-python

  View on GitHub
  CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
  ☆362Updated this week
• interlynk-io / sbomqs

  View on GitHub
  sbomqs: The Comprehensive SBOM Quality & Compliance Tool
  ☆271Updated this week
• CycloneDX / cyclonedx-property-taxonomy

  View on GitHub
  A taxonomy of all official CycloneDX property namespaces and names
  ☆21Mar 2, 2026Updated 2 weeks ago
• CycloneDX / cyclonedx-python-lib

  View on GitHub
  Functionality and DataModels of OWASP CycloneDX for Python
  ☆103Mar 13, 2026Updated last week
• DependencyTrack / dependency-track

  View on GitHub
  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…
  ☆3,666Updated this week
• guacsec / guac

  View on GitHub
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,454Updated this week
• MediaMarktSaturn / technolinator

  View on GitHub
  GitHub app for SBOM creation using cdxgen and upload to Dependency-Track
  ☆23Updated this week
• interlynk-io / sbomasm

  View on GitHub
  sbomasm: The Complete SBOM Management Toolkit
  ☆106Updated this week
• cdxgen / cdxgen

  View on GitHub
  Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager…
  ☆919Updated this week
• CycloneDX / cyclonedx-core-java

  View on GitHub
  CycloneDX SBOM Model and Utils for Creating and Validating BOMs
  ☆106Mar 12, 2026Updated last week
• CycloneDX / cyclonedx-javascript-library

  View on GitHub
  Functionality and DataModels of OWASP CycloneDX for JavaScript (Node.js or WebBrowser) written in TypeScript.
  ☆22Updated this week
• slsa-framework / slsa

  View on GitHub
  Supply-chain Levels for Software Artifacts
  ☆1,823Mar 11, 2026Updated last week
• oasis-tcs / csaf

  View on GitHub
  OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secon…
  ☆211Updated this week
• CycloneDX / cyclonedx-node-module

  View on GitHub
  creates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects
  ☆140Updated this week
• ossf / sbom-everywhere

  View on GitHub
  Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
  ☆111Feb 28, 2026Updated 2 weeks ago
• CycloneDX / cyclonedx-bom-repo-server

  View on GitHub
  A BOM repository server for distributing CycloneDX BOMs
  ☆87Jul 1, 2025Updated 8 months ago
• CycloneDX / cyclonedx-maven-plugin

  View on GitHub
  Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
  ☆361Jan 23, 2026Updated last month
• anchore / syft

  View on GitHub
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems
  ☆8,510Updated this week
• opensbom-generator / spdx-sbom-generator

  View on GitHub
  Support CI generation of SBOMs via golang tooling.
  ☆424Jan 13, 2025Updated last year
• OWASP / packman

  View on GitHub
  A documentation and tracking project with the goal of making package management systems more secure.
  ☆51Mar 5, 2021Updated 5 years ago
• SBOM-Community / SBOM-Generation

  View on GitHub
  Reference GitHub Workflows for SBOM generation from the CISA SBOM Generation Reference Implementation Tiger Team
  ☆33Feb 2, 2026Updated last month
• CycloneDX / cyclonedx-rust-cargo

  View on GitHub
  Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects
  ☆157Updated this week
• OpenEoX / openeox

  View on GitHub
  This project aims to standardize the representation and management of EOL and EOS product information across the industry.
  ☆30Mar 4, 2024Updated 2 years ago
• eBay / sbom-scorecard

  View on GitHub
  Generate a score for your sbom to understand if it will actually be useful.
  ☆239Aug 13, 2024Updated last year
• protobom / protobom

  View on GitHub
  A universal SBOM representation in protocol buffers
  ☆320Mar 2, 2026Updated 2 weeks ago
• in-toto / witness

  View on GitHub
  Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
  ☆519Updated this week
• scanoss / purl2cpe

  View on GitHub
  PURL to CPE Relationship mapping project.
  ☆111Updated this week
• omnibor / spec

  View on GitHub
  Specification for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.
  ☆26Nov 17, 2025Updated 4 months ago
• microsoft / sbom-tool

  View on GitHub
  The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
  ☆2,000Updated this week
• openvex / spec

  View on GitHub
  OpenVEX Specification
  ☆169Jan 16, 2026Updated 2 months ago
• CycloneDX / license-scanner

  View on GitHub
  Utility that provides an API and CLI to identify licenses and legal terms
  ☆52Jul 11, 2025Updated 8 months ago