CycloneDX SBOM Spec (OWASP)

Join us on Wed May 28, 2025 in Barcelona for a hands-on hackathon to test Beta 1 of the Transparency Exchange API (TEA) — a new way to securely exchange SBOMs, attestations & more. Free registration, thanks to @OWASP & @EcmaIntl cyclonedx.org/events/hackath… #CycloneDX #SBOM

The Authoritative Guide to AI/ML-BOM from CycloneDX just dropped. Full transparency into your ML supply chain: security, compliance, data lineage, reproducibility. AI regulations are here. Be ready. #AI #AIBOM #SBOM #OWASP #CycloneDX cyclonedx.org/guides/

Project Sunshine, by the @CycloneDX_Spec team is just amazing. Proper visualisations, with EPSS and CISA KEV enrichments, of your SBOM github.com/CycloneDX/Suns…

CycloneDX v1.7 is here! The latest release strengthens software & system transparency with: - Cryptography BOM (CBOM) - Data provenance & citations - Intellectual property visibility Learn more: cyclonedx.org/news/cyclonedx… #OWASP #CycloneDX #SBOM #CBOM #CyberSecurity

📊 "Content is king" - Steve Springett on #SBOMlearningWeek Day 4. Learn how CycloneDX is enabling machine-readable attestations and five dimensions for evaluating SBOM completeness. anchore.com/blog/sbom-insi… (Miss day #3? It's here anchore.com/blog/devops-sc…) #DevSecOps

🚀vet v1.10 is here...with CycloneDX SBOM support! Generate detailed SBOMs with: 📦 Package metadata (PURLs, licenses) 🛡️ Vulnerabilities & malware info Run: vet scan --report-cdx sbomfile.cdx.json Try vet: github.com/safedep/vet #CycloneDX #SBOM #SupplyChainSecurity

Join our community meeting next Wednesday, 2nd April at 4-5PM UTC for a presentation from our friends at #Monzo Bank! Learn how they replaced a proprietary vulnerability scanner with #CycloneDX #SBOMs & DT. Calendar: dub.sh/dtcalendar Zoom: dub.sh/dtzoom

The next #OWASP Dependency Track Community Meeting (virtual) on April 2nd is going to be interesting: Learn how leading UK neobank Monzo replaced a proprietary vulnerability scanner with open-source OWASP #CycloneDX and Dependency Track:

Join the DT community meeting next Wednesday, 2nd April at 4-5PM UTC for a presentation from our friends at @monzo Bank! Learn how they replaced a proprietary vulnerability scanner with #CycloneDX #SBOMs & DT. Calendar: dub.sh/dtcalendar Zoom: dub.sh/dtzoom

🚨 New Webinar 🚨 The need for verifiable trust in #software components is critical. Learn to build on #SBOMs w/ CycloneDX attestation plus how to create cryptographically verifiable evidence of #security practices, #automate manual audit workflows & more. get.anchore.com/cyclonedxandsb…

What’s Your C/C++ Code Made Of? The Importance of the Software Bill of Materials Learn about SBOMs for C/C++ projects, and how Conan can generate CycloneDX @CycloneDX_Spec SBOMs of your dependencies, store them inside your package metadata and more: blog.conan.io/2025/02/05/Wha…

"Seat-belt approach" for #SBOMs! 💺 cdxgen >= v11.1.7's new "secure mode" uses Node.js permissions to control resource access. Safely analyze even untrusted code by limiting file access, process execution, & more. This fixes CVE-2024-50611. github.com/CycloneDX/cdxg…

Why We Chose CycloneDX Over SPDX #SBOM #CyberSecurity - worklifenotes.com/2025/01/21/why…

Level up your Ruby SBOMs with cdxgen v11.1.0 - now featuring #evinse for enhanced security and insights. Chat with #cdxgenGPT to learn more chatgpt.com/g/g-673bfeb403…

We even have a very nice, very small, very interested working group around...Threat Modeling BOM. Come join us. There's plenty of work to be done, and you get to help build some potentially very cool stuff. cyclonedx.org/participate/wo… 2/2

Do you, like me, scratch your head and think "SBOMs, what are they good for?" ? If you do, why not join one of the working groups on CycloneDX - now even easier to do by checking out the new site at cyclonedx.org ! 1/2

OWASP Members change the world. Your membership helps shape the organization and drives our projects and community. If you are not a member or are due for renewal within 60 days, please join or renew today and get 10-25% off! owasp.org/membership > Memberships > Apply

it-depends, the most comprehensive SBOM builder from @trailofbits, now has CycloneDX support github.com/trailofbits/it…

We're proud to host the 128th Meeting of the Ecma General Assembly at @Bloomberg's Global HQ, starting today in NYC! We welcome the attending Ecma members & wish them a productive week discussing the future of Ecma's standards, including #ECMAScript & #CycloneDX! #opensource

📣 dist 0.26.0 is out! - 🦀 built-in Rust cross-compilation - 🛡️ cyclonedx SBOMs, cargo-audit, and omniBOR - 🪪 checksum verification in all installers ...and more! check out the release notes here: github.com/axodotdev/carg…