CycloneDX
CycloneDX is an OWASP full-stack Bill of Materials (BOM) standard that provides a lightweight, machine-readable format for documenting software components, dependencies, services, and vulnerabilities across the entire software supply chain. It supports multiple BOM types, including Software Bill of Materials (SBOM), Software-as-a-Service BOM (SaaSBOM), Hardware BOM (HBOM), Cryptography BOM (CBOM), and Vulnerability Disclosure Reports (VDR). The specification gives organizations transparency into their software ecosystems through comprehensive inventories that facilitate rapid identification of vulnerabilities, licensing conflicts, outdated components, and supply chain risks, and it integrates with vulnerability management systems and compliance frameworks.
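How such an inventory supports vulnerability and license triage, as an added Python example (not part of the original entry and not OWASP's own code): it reads a CycloneDX JSON BOM, maps each vulnerability's `affects` reference back to a component through its `bom-ref`, and walks the `dependencies` graph upward to show what pulls the affected component in. The BOM, its component names, the `EXAMPLE-VULN-0001` identifier and the `audit` function are constructed for illustration.

```python
import json

# Constructed sample BOM, not from a real project; keys follow the CycloneDX JSON schema.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
  "metadata": {"component": {"bom-ref": "app", "type": "application",
                             "name": "example-app", "version": "1.0.0"}},
  "components": [
    {"bom-ref": "web", "type": "library", "name": "example-web", "version": "2.1.0",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"bom-ref": "parser", "type": "library", "name": "example-parser", "version": "0.9.3"},
    {"bom-ref": "log", "type": "library", "name": "example-log", "version": "4.0.1",
     "licenses": [{"license": {"id": "Apache-2.0"}}]}
  ],
  "dependencies": [{"ref": "app", "dependsOn": ["web", "log"]},
                   {"ref": "web", "dependsOn": ["parser"]}],
  "vulnerabilities": [{"id": "EXAMPLE-VULN-0001", "ratings": [{"severity": "high"}],
                       "affects": [{"ref": "parser"}]}]
}
""")

def audit(bom):
    """Return (vulnerability findings, names of components with no license data)."""
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX BOM")
    comps = {c["bom-ref"]: c for c in bom.get("components", [])}
    root = bom.get("metadata", {}).get("component")
    if root:
        comps[root["bom-ref"]] = root
    # Reverse the dependency edges: child ref -> refs that depend on it.
    parents = {}
    for dep in bom.get("dependencies", []):
        for child in dep.get("dependsOn", []):
            parents.setdefault(child, set()).add(dep["ref"])
    label = lambda r: f'{comps[r]["name"]}@{comps[r]["version"]}' if r in comps else r
    findings = []
    for vuln in bom.get("vulnerabilities", []):
        for target in vuln.get("affects", []):
            # Collect every component that transitively includes the affected one.
            seen, stack = set(), [target["ref"]]
            while stack:
                for p in parents.get(stack.pop(), ()):
                    if p not in seen:
                        seen.add(p)
                        stack.append(p)
            findings.append({"id": vuln["id"], "component": label(target["ref"]),
                             "pulled_in_by": sorted(label(r) for r in seen)})
    unlicensed = sorted(c["name"] for c in bom.get("components", []) if not c.get("licenses"))
    return findings, unlicensed
```

On the sample BOM, the vulnerable `example-parser` is never a direct dependency of the application; the dependency graph shows it arriving through `example-web`, and the same pass flags it as carrying no license data.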