OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
Currently, externalReferences supports both URL and BOM-Link. There are some types that are better expressed with BOM-Link and therefore must be preferred over a URL.
Below are some types:
bom
release-notes
model-card
formulation
attestation
vulnerability-assertion
pentest-report
To start with, we can improve the documentation and create use-case examples to better illustrate the use of CycloneDX for these types.
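The issue above is about which form of externalReferences.url should be used; a small checker makes the distinction concrete. The following is an added example written for this page, not CycloneDX project code. It assumes the BOM-Link shape urn:cdx:<serialNumber UUID>/<version>[#<bom-ref>] as defined in the specification, and it treats the seven types listed in the issue as a "prefer BOM-Link" policy, which the schema itself does not enforce. The sample BOM is constructed for the example.

```python
"""Audit CycloneDX externalReferences for types that should carry a BOM-Link rather than a URL.

Added example for this page, not part of the CycloneDX project. The regex follows the
urn:cdx:<uuid>/<version>[#<bom-ref>] BOM-Link form; PREFER_BOM_LINK is the policy suggested
by the issue text and is an assumption, not a schema rule.
"""
import json
import re
import uuid
from typing import Iterator, Optional

# BOM-Link: "urn:cdx:" + BOM serialNumber UUID + "/" + version (>= 1) + optional "#" + bom-ref.
BOM_LINK_RE = re.compile(
    r"^urn:cdx:[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
    r"/[1-9][0-9]*(#.+)?$"
)

# Reference types from the issue that point at other BOM documents (assumed policy).
PREFER_BOM_LINK = {
    "bom", "release-notes", "model-card", "formulation",
    "attestation", "vulnerability-assertion", "pentest-report",
}


def is_bom_link(ref: str) -> bool:
    """True if ref is a syntactically valid BOM-Link (document or element form)."""
    return BOM_LINK_RE.fullmatch(ref) is not None


def make_bom_link(serial_number: str, version: int, bom_ref: Optional[str] = None) -> str:
    """Build a BOM-Link from a BOM's serialNumber ("urn:uuid:<uuid>"), version and optional bom-ref.

    uuid.UUID() raises on malformed input, so a link is never built from a bad serial number.
    """
    u = uuid.UUID(serial_number.removeprefix("urn:uuid:"))
    link = f"urn:cdx:{u}/{version}"
    return f"{link}#{bom_ref}" if bom_ref else link


def _refs_in(node: dict, where: str) -> Iterator[tuple]:
    """Yield (location, externalReference) for a node and its nested components."""
    for ref in node.get("externalReferences", []):
        yield where, ref
    for i, comp in enumerate(node.get("components", [])):
        yield from _refs_in(comp, f"{where}.components[{comp.get('bom-ref', i)}]")


def audit_external_references(bom: dict) -> list:
    """Return findings for malformed BOM-Links and for preferred types still using a plain URL."""
    findings = []
    roots = [("bom", bom)]
    meta_comp = bom.get("metadata", {}).get("component")
    if meta_comp:
        roots.append(("bom.metadata.component", meta_comp))
    for root_name, root in roots:
        for where, ref in _refs_in(root, root_name):
            rtype, target = ref.get("type"), ref.get("url", "")
            if target.startswith("urn:cdx:") and not is_bom_link(target):
                findings.append({"where": where, "type": rtype, "url": target,
                                 "reason": "malformed BOM-Link"})
            elif rtype in PREFER_BOM_LINK and not is_bom_link(target):
                findings.append({"where": where, "type": rtype, "url": target,
                                 "reason": "type should use a BOM-Link, not a URL"})
    return findings


# Constructed sample: one VEX reference by URL (flagged), one by BOM-Link (accepted),
# one BOM-Link with a bad serial number (flagged as malformed).
VEX_SERIAL = "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"  # assumed VEX document serialNumber
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "serialNumber": "urn:uuid:f08a6ccd-4bdd-4dd9-8c2e-0cfe4d0f2a13",
    "version": 1,
    "components": [
        {"type": "library", "name": "libfoo", "version": "1.2.3",
         "bom-ref": "pkg:generic/libfoo@1.2.3",
         "externalReferences": [
             {"type": "vulnerability-assertion", "url": "https://example.org/vex/libfoo.json"},
             {"type": "website", "url": "https://example.org/libfoo"},
         ]},
        {"type": "library", "name": "libbar", "version": "2.0.0", "bom-ref": "libbar",
         "externalReferences": [
             {"type": "vulnerability-assertion", "url": make_bom_link(VEX_SERIAL, 1)},
             {"type": "bom", "url": "urn:cdx:not-a-uuid/1"},
         ]},
    ],
}

if __name__ == "__main__":
    print(json.dumps(audit_external_references(SAMPLE_BOM), indent=2))
```

The practical difference the checker surfaces: a URL is a location, so the consumer has to fetch it and trust whatever the host serves at that moment, while a BOM-Link names one specific BOM by serialNumber and version, so the consumer can resolve it against documents it has already received and verified. The checker does not validate that the linked BOM exists; that is the resolver's job.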