
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...

Results 248 specification issues

During the v1.5 proposal process for formulation schema (or Manufacturing BOM, MBOM), the emphasis was on creating the new schema needed; however, the WG was presented additional considerations to better...

proposed core enhancement

The list of valid component types is rather limited and this makes tools such as Dependency Track less useful when trying to work with container orchestration environments - essentially everything...

proposed core enhancement

With numerous organizations successfully adopting CBOM, it is becoming increasingly important to standardize the list of EC and algorithm names. This has been discussed in multiple CBOM working groups throughout...

proposed core enhancement

MBOM represents "Workflows" which, despite being focused on automation, MUST be able to represent "human" or manual processes which require a means to represent an identity that is not a...

proposed core enhancement

The `formula` element allows the declaration of multiple `workflow` elements; however, there is no easy means to determine (looking strictly at the workflow definitions) the execution order without comparing (and...

proposed core enhancement
CDX 1.7

The current schema for `inputs` and `outputs` attributes for the `trigger` element are as follows: ``` "inputs": { "title": "Inputs", "description": "Represents resources and data brought into a task at...

defect
CDX 1.6
CDX 1.7

## Describe the feature xBOM specification is currently optimized for automation and integration purposes. Despite this goal, xBOM documents are often consumed in the following ad-hoc ways: - Consumption via...

proposed core enhancement

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6. Release notes Sourced from actions/upload-artifact's releases. v6.0.0 v6 - What's new [!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum...

dependencies

Bumps [com.networknt:json-schema-validator](https://github.com/networknt/json-schema-validator) from 1.5.5 to 2.0.1. Release notes Sourced from com.networknt:json-schema-validator's releases. 2.0.1- 2025-12-11 Added Changed Skip processing of properties keyword if not an object (#1217) Thanks @​justin-tay Allow for...

dependencies

Bumps [org.apache.commons:commons-text](https://github.com/apache/commons-text) from 1.12.0 to 1.15.0. Changelog Sourced from org.apache.commons:commons-text's changelog. Apache Commons Text 1.15.0 Release Notes The Apache Commons Text team is pleased to announce the release of Apache...

dependencies