Spaces:

CycloneDX
/

README

Running

App Files Files Community

README / README.md

stevespringett

Update README.md

c2121bf verified about 1 year ago

preview code

raw

history blame contribute delete

2.34 kB

	---
	title: README
	emoji: 🐠
	colorFrom: blue
	colorTo: indigo
	sdk: static
	pinned: false
	short_description: CycloneDX is a modern standard for the software supply chain
	---

	# Welcome to the CycloneDX Community

	![CycloneDX logo](https://cyclonedx.org/images/CycloneDX-Social-Card.png)

	OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. The specification supports:

	* Software Bill of Materials (SBOM)
	* Software-as-a-Service Bill of Materials (SaaSBOM)
	* Hardware Bill of Materials (HBOM)
	* Machine Learning Bill of Materials (ML-BOM)
	* Cryptography Bill of Materials (CBOM)
	* Manufacturing Bill of Materials (MBOM)
	* Operations Bill of Materials (OBOM)
	* Vulnerability Disclosure Reports (VDR)
	* Vulnerability Exploitability eXchange (VEX)
	* CycloneDX Attestations (CDXA)

	The CycloneDX project provides standards in XML, JSON, and Protocol Buffers, as well as a large
	[collection of official and community supported tools](https://cyclonedx.org/tool-center/)
	that create or interoperate with the standard.

	The project's website has many documented [use cases and examples](https://cyclonedx.org/use-cases/)
	that provide a springboard to SBOM adoption.

	The project operates as a [meritocracy](https://cyclonedx.org/about/governance/)
	whose [guiding principles](https://cyclonedx.org/about/guiding-principles/)
	reinforce its [risk-based approach to standards development](https://cyclonedx.org/participate/standardization-process/).
	The project encourages [community participation](https://cyclonedx.org/participate/contribute)
	in the development of the [standard and supporting tools](https://github.com/CycloneDX).

	## Background

	Modern software is assembled using third-party and open source components. They are glued together in complex and
	unique ways and integrated with original code to achieve the desired functionality. An accurate inventory of all
	components enables organizations to identify risk, allows for greater transparency, and enables rapid impact analysis.

	CycloneDX was created for this purpose.

	Strategic direction and maintenance of the specification is managed by the CycloneDX Core Working Group,
	is backed by the [OWASP Foundation](https://owasp.org),
	and is supported by the global information security community.