specification
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...
CycloneDX 2.0 is a major version in active development, focused on cleaning up legacy constructs, enforcing semantic correctness, and enabling modern schema reuse and API integration. This issue tracks the...
Similar to #640, this ticket is to investigate the feasibility of delivering an XML Schema that is auto-generated from the authoritative JSON Schema. However, unlike #640, which can be accomplished,...
### Problem
In CycloneDX 1.x, the `.proto` schema for Protocol Buffers is manually maintained. This has led to:
- Inconsistencies between the `.proto` definitions and the canonical JSON Schema
-...

## Proposal: Modularization of the CycloneDX JSON Schema
To improve maintainability and promote reuse across the CycloneDX specification, this proposal introduces a modular schema structure. The schema will be decomposed...
CycloneDX should adopt the latest version of the JSON Schema specification - at the time of writing, that is 2020-12. There is widespread use and adoption of 2020-12 and has...
### Problem
In CycloneDX 1.x, several properties are loosely defined and may appear on types where they are semantically invalid. For example:
- `cryptoProperties` is intended only for cryptographic assets...

Remove all deprecated fields including, but not limited to:
- metadata.manufacture
- metadata.tools
- component.author
- component.modified

Additionally, there are new deprecations coming in v1.7 which should also be removed.

Adds a new external reference type to reference documents such as:
- a [Common Lifecycle Enumeration](https://github.com/Ecma-TC54/tg3) document.
- an [OpenEOX](https://openeox.org/) document.
- a human-readable document specifying end-of-life or end-of-support dates...
Adds a new type to reference a [TEA Collection object](https://github.com/CycloneDX/transparency-exchange-api/blob/main/tea-collection/tea-collection.md). A Transparency Exchange API Collection for the most part is a replacement of the `externalReferences` object, but provides a **versioned**...
There has been growing interest to document the source of where data came from, specifically the components, services, organizations, people, or processes that are attributed with specific data in a BOM....