Update README.md
README.md
|
@@ -5,6 +5,47 @@ colorFrom: blue
|
|
| 5 |
colorTo: indigo
|
| 6 |
sdk: static
|
| 7 |
pinned: false
|
| 8 |
---
|
| 9 |
|
| 10 |
-
|
| 5 |
colorTo: indigo
|
| 6 |
sdk: static
|
| 7 |
pinned: false
|
| 8 |
+
short_description: CycloneDX is a modern standard for the software supply chain
|
| 9 |
---
|
| 10 |
|
| 11 |
+
# Welcome to the CycloneDX Community
|
| 12 |
+
|
| 13 |
+

|
| 14 |
+
|
| 15 |
+
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. The specification supports:
|
| 16 |
+
|
| 17 |
+
* Software Bill of Materials (SBOM)
|
| 18 |
+
* Software-as-a-Service Bill of Materials (SaaSBOM)
|
| 19 |
+
* Hardware Bill of Materials (HBOM)
|
| 20 |
+
* Machine Learning Bill of Materials (ML-BOM)
|
| 21 |
+
* Cryptography Bill of Materials (CBOM)
|
| 22 |
+
* Manufacturing Bill of Materials (MBOM)
|
| 23 |
+
* Operations Bill of Materials (OBOM)
|
| 24 |
+
* Vulnerability Disclosure Reports (VDR)
|
| 25 |
+
* Vulnerability Exploitability eXchange (VEX)
|
| 26 |
+
* CycloneDX Attestations (CDXA)
|
| 27 |
+
|
| 28 |
+
The CycloneDX project provides standards in XML, JSON, and Protocol Buffers, as well as a large
|
| 29 |
+
[collection of official and community supported tools](https://cyclonedx.org/tool-center/)
|
| 30 |
+
that create or interoperate with the standard.
|
| 31 |
+
|
| 32 |
+
The project's website has many documented [use cases and examples](https://cyclonedx.org/use-cases/)
|
| 33 |
+
that provide a springboard to SBOM adoption.
|
| 34 |
+
|
| 35 |
+
The project operates as a [meritocracy](https://cyclonedx.org/about/governance/)
|
| 36 |
+
whose [guiding principles](https://cyclonedx.org/about/guiding-principles/)
|
| 37 |
+
reinforce its [risk-based approach to standards development](https://cyclonedx.org/participate/standardization-process/).
|
| 38 |
+
The project encourages [community participation](https://cyclonedx.org/participate/contribute)
|
| 39 |
+
in the development of the [standard and supporting tools](https://github.com/CycloneDX).
|
| 40 |
+
|
| 41 |
+
## Background
|
| 42 |
+
|
| 43 |
+
Modern software is assembled using third-party and open source components. They are glued together in complex and
|
| 44 |
+
unique ways and integrated with original code to achieve the desired functionality. An accurate inventory of all
|
| 45 |
+
components enables organizations to identify risk, allows for greater transparency, and enables rapid impact analysis.
|
| 46 |
+
|
| 47 |
+
CycloneDX was created for this purpose.
|
| 48 |
+
|
| 49 |
+
Strategic direction and maintenance of the specification is managed by the CycloneDX Core Working Group,
|
| 50 |
+
is backed by the [OWASP Foundation](https://owasp.org),
|
| 51 |
+
and is supported by the global information security community.
|
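Review bot: the closing paragraph (new lines 49-51) does not parse as a sentence: "Strategic direction and maintenance of the specification is managed by the CycloneDX Core Working Group, is backed by the OWASP Foundation, and is supported by ..." chains three predicates onto one subject, so it reads as if the strategic direction, rather than the working group, is backed by OWASP. Suggest: "Strategic direction and maintenance of the specification are managed by the CycloneDX Core Working Group, which is backed by the OWASP Foundation and supported by the global information security community." Two smaller points in the same hunk: new line 13 carries a stray non-printing character instead of a plain blank line and should be emptied so the heading is followed by a clean paragraph break, and "community supported tools" on new line 29 wants a hyphen ("community-supported tools") to match "third-party" later in the file. The `short_description` added on new line 8 is exactly 60 characters, which is the maximum the Spaces README front matter accepts, so any future wording change there needs to stay at or under that length.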