Published : Mar 29, 2022
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Understand more
Mar 2022
Assess
CycloneDX is a standard for describing a machine-readable Software Bill of Materials (SBOM). As software and compute fabrics increase in complexity, software becomes harder to define. Originating with OWASP, CycloneDX improves on the older SPDX standard with a broader definition that extends beyond the local machine dependencies to include runtime service dependencies. You'll also find implementations in several languages, an ecosystem of supporting integrations and a CLI tool that lets you analyze and change SBOMs with appropriate signing and verification.
