Cyclonedx core java
CycloneDX SBOM Model and Utils for Creating and Validating BOMs
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction The project is written primarily in Java, distributed under the Apache License 2.0 license, first published in 2018. Key topics include: bill-of-materials, bom, cyclonedx, library, mbom.
CycloneDX Core (Java)
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating,
validating, and parsing SBOMs. OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced
supply chain capabilities for cyber risk reduction
Maven Usage
xml<dependency> <groupId>org.cyclonedx</groupId> <artifactId>cyclonedx-core-java</artifactId> <version>12.0.1</version> </dependency>
CycloneDX Schema Support
The following table provides information on the version of this node module, the CycloneDX schema version supported,
as well as the output format options. Use the latest possible version of this library that is the compatible with
the CycloneDX version supported by the target system.
| Version | Schema Version | Format(s) |
|---|---|---|
| 12.x | CycloneDX v1.6.1 | XML/JSON |
| 11.x | CycloneDX v1.6.1 | XML/JSON |
| 10.x | CycloneDX v1.6.1 | XML/JSON |
| 9.x | CycloneDX v1.6 | XML/JSON |
| 8.x | CycloneDX v1.5 | XML/JSON |
| 7.x | CycloneDX v1.4 | XML/JSON |
| 6.x | CycloneDX v1.4 | XML/JSON |
| 5.x | CycloneDX v1.3 | XML/JSON |
| 4.x | CycloneDX v1.2 | XML/JSON |
| 3.x | CycloneDX v1.2 | XML/JSON |
| 2.x | CycloneDX v1.1 | XML |
| 1.x | CycloneDX v1.0 | XML |
Library API Documentation
The library API documentation can be viewed online at https://cyclonedx.github.io/cyclonedx-core-java/.
Updating the license list
- Download the latest tagged release from this repo.
- Extract the archived directory.
- Navigate to the
license-list-vX.X.X/text/directory. - Copy all licenses from that directory to the
src/main/java/resources/licenses/directory in this repo. - Copy
license-list-vX.X.X/json/licenses.jsoninto thesrc/main/java/resources/licenses/directory in this repo. - Download this file (ex:
curl http://cyclonedx.org/schema/spdx.schema.json -o spdx.schema.json). The$commentfield should match the version you donwloaded from GitHub. Copy this file intosrc/main/resources/. - Download this file (ex
curl https://cyclonedx.org/schema/spdx.xsd -o spdx.xsd). The version field should match the version you donwloaded from GitHub. Copy this file intosrc/main/resources/.
Copyright & License
CycloneDX Core (Java) is Copyright (c) OWASP Foundation. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the License file for the full license.
Contributors
Showing top 12 contributors by commit count.
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)
![dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?v=4)
Related Repositories
DependencyTrack/dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
hildogjr/KiCost
Build cost spreadsheet for a KiCad project.
CycloneDX/specification
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
CycloneDX/cyclonedx-cli
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
CycloneDX/cyclonedx-python
CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
spdx/spdx-spec
The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.