OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
CycloneDX should support both declared and concluded licenses. Currently, the license acknowledgement is undefined and there is no way to communicate this. Observed licenses are already supported in evidence.licenses, so no need to expand upon that.