
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...

Results: 248 specification issues

Bumps [json-schema-for-humans](https://github.com/coveooss/json-schema-for-humans) from 1.3.4 to 1.5.1. Release notes Sourced from json-schema-for-humans's releases. v1.5.1 1.5.1 (2025-11-21) Bug Fixes semantic-release: Good if [PES-1624] (#325) (2a8c3c9) v1.5.0 1.5.0 (2025-11-21) Bug Fixes Replace "...

dependencies

Bumps org.apache.commons:commons-lang3 from 3.18.0 to 3.20.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.commons:commons-lang3&package-manager=maven&previous-version=3.18.0&new-version=3.20.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependencies

## Describe the defect CycloneDX 1.5 introduced model cards. These model cards may have `properties` in JSON. ### The bug: these model cards are missing the `properties` in...

defect
CDX 1.5
CDX 1.6
CDX 1.7

I am translating @stevespringett 's [feedback](https://github.com/CycloneDX/specification/issues/719#issuecomment-3528968238) on the CycloneDX VEX specification into the code. > Should ratings be normative inputs for prioritization in VEX consumers? _Yes, they should be. It...

Fixes #186. This automation will do the following on a daily/scheduled basis: auto-detect the latest release of SPDX licenses; update OUR list of known SPDX licenses; pull...

A lot of discussion in the HBOM working group about different types of roles an entity may play, and which need to be captured in an HBOM. Based on these...

proposed core enhancement
breaking-changes

Bumps [commons-io:commons-io](https://github.com/apache/commons-io) from 2.17.0 to 2.21.0. Changelog Sourced from commons-io:commons-io's changelog. Apache Commons IO 2.21.0 Release Notes The Apache Commons IO team is pleased to announce the release of Apache...

dependencies

Bumps [org.junit.jupiter:junit-jupiter-api](https://github.com/junit-team/junit-framework) from 5.11.4 to 6.0.1. Release notes Sourced from org.junit.jupiter:junit-jupiter-api's releases. JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1 See Release Notes. Full Changelog: https://github.com/junit-team/junit-framework/compare/r6.0.0...r6.0.1 JUnit...

dependencies

Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.2 to 3.5.4. Release notes Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases. 3.5.4 🚀 New features and improvements Name the shutdown hook (#3170) @​cstamas Implement fail-fast behavior for JUnit Platform...

dependencies

## Describe the feature This issue will capture proposed changes and action items raised as part of the MLBOM work group towards improving the ML schema for CycloneDX 2.0 -...

proposed core enhancement
CDX 2.0