CycloneDX Bill of Materials Specification (ECMA-424)

@cyclonedx

OWASP CycloneDX is a modern standard for the software supply chain. #SBOM #SaaSBOM #CBOM #MLBOM #AIBOM #HBOM #VEX CycloneDX is an open industry specification standardized by Ecma TC54 as ECMA-424. https://cyclonedx.org https://tc54.org/cyclonedx/

Joined: 31.10.2024

Latest posts by CycloneDX Bill of Materials Specification (ECMA-424) @cyclonedx

Guides and Resources | CycloneDX Unlock valuable insights and practical guidance to help your organization maximize CycloneDX and reduce supply chain risk.

The Authoritative Guide to AI/ML-BOM from CycloneDX just dropped. Full transparency into your AI supply chain: security, compliance, data lineage, reproducibility. AI regulations are here. Be ready.

#AI #AIBOM #SBOM #OWASP #CycloneDX

cyclonedx.org/guides/

03.03.2026 20:16 👍 1 🔁 1 💬 0 📌 0

"The format doesn't really matter... It's really about the content."

We hosted @stevespringett.bsky.social, Chair of the CycloneDX WG, to discuss why the industry needs to stop fighting format wars and st... https://anchore.com/blog/4-lessons-on-future-of-software-transparency-with-steve-springett/

03.12.2025 02:30 👍 2 🔁 2 💬 0 📌 0
CycloneDX SBOM Spec (OWASP) on X: "CycloneDX v1.7 is here! The latest release strengthens software & system transparency with: - Cryptography BOM (CBOM) - Data provenance & citations - Intellectual property visibility Learn more: https://t.co/VjHCDgC5tL #OWASP #CycloneDX #SBOM #CBOM #CyberSecurity" / X

CycloneDX v1.7 is here!

The latest release strengthens software & system transparency with:
- Cryptography BOM (CBOM)
- Data provenance & citations
- Intellectual property visibility

Learn more: cyclonedx.org/news/cyclone...

#OWASP #SBOM #CBOM #CyberSecurity

21.10.2025 15:40 👍 8 🔁 6 💬 1 📌 0
Transparency Exchange API (TEA) Hackathon - Barcelona 2025 | CycloneDX Join us in Barcelona to test and shape the Transparency Exchange API, the next evolution in secure supply chain communication.

Join us on Wed May 28, 2025 in Barcelona for a hands-on hackathon to test Beta 1 of the Transparency Exchange API (TEA) — a new way to securely exchange SBOMs, attestations & more.

Free registration, thanks to @owasp.org and Ecma International.

cyclonedx.org/events/hacka...

#CycloneDX #SBOM

21.04.2025 20:39 👍 7 🔁 5 💬 0 📌 2

Honored to be discussing @cyclonedx.bsky.social and machine-readable attestations with Anchore this month. Join me! This is going to be fun and educational for anyone not familiar with CycloneDX Attestations (CDXA). This is an ideal solution for EO 14144 which requires machine-readable attestations.

15.02.2025 23:04 👍 6 🔁 1 💬 0 📌 0
cdx1 - Unlocking the Next Frontier in xBOM Analysis If asked to name an incubator that has produced hundreds of projects and tens of highly valuable unicorns, one need only mention the OWASP Foundation. While many in the Western world erroneously assum...

The continued innovation happening in @cyclonedx.bsky.social is truly inspiring. This week, it's from the cdxgen team with "cdx1", a family of open-source, SOTA machine learning (ML) models purpose-built for xBOM analysis, validation, and reasoning.

www.linkedin.com/pulse/cdx1-u...

#OWASP #SBOM

10.02.2025 19:31 👍 4 🔁 2 💬 1 📌 0
ChatGPT - CycloneDX Generator (cdxgen) I'm a CycloneDX and xBOM expert.

From @cyclonedx.bsky.social Level up your Ruby SBOMs with cdxgen v11.1.0 - now featuring #evinse for enhanced security and insights. Chat with #cdxgenGPT to learn more. chatgpt.com/g/g-673bfeb4...

19.01.2025 18:42 👍 7 🔁 1 💬 0 📌 0

From Jeff Williams at @cyclonedx.bsky.social
"The new Cybersecurity EO requires machine readable secure software development attestations. Good thing the OWASP CycloneDX project already created the CDXA standard to capture attestations."

Check it out: cyclonedx.org/capabilities...

17.01.2025 09:37 👍 15 🔁 4 💬 0 📌 0

At the first ever KoalaCon @owasp.org shared insights into how TEA (Transparency Exchange API) can help automate your product lifecycle. This will be essential to dependency management and vulnerability management in the future. And you can be part of it! #cybersec #appsec #dependency-management

10.12.2024 06:08 👍 15 🔁 5 💬 0 📌 0
OWASP KoalaCon 2024 YouTube video by OWASP CycloneDX

KoalaCon 2024 was a huge success. Thank you to all the speakers, including Olle E Johansson, Anthony Harrison, Niklas Düster, Viktor Petersson, and Piotr P. Karwasz. Couldn't attend? No worries, the recording is available on YouTube.

youtu.be/NStzYW4WnEE?...

#OWASP #SBOM #SoftwareTransparency

02.12.2024 23:29 👍 10 🔁 7 💬 0 📌 2