#CycloneDX
Is there anyone here who has already gathered experience generating CycloneDX SBOMs and VEX documents as part of a Gradle build?
September 7, 2023 at 6:21 PM
📦 cyclonedx/cyclonedx-library v3.8.0

Work with CycloneDX documents.

🔗 https://github.com/CycloneDX/cyclonedx-php-library
October 23, 2025 at 10:59 AM
You can now share your thoughts on vulnerability CVE-2025-64518 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2025-64518

CycloneDX - cyclonedx-core-java

#vulnerabilitylookup #vulnerability #cybersecurity #bot
cvelistv5 - CVE-2025-64518
Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.
November 10, 2025 at 10:20 PM
OWASP CycloneDX are coming to FOSDEM! We'll speak in many dev rooms and in the main track. Let's meet!

#owasp #cyclonedx #SBOM
January 16, 2025 at 3:29 PM
I know that there is CycloneDX generator for #ElixirLang, but is there any for SPDX BoM?
February 26, 2025 at 2:09 PM
OSIM aims to build a unifying framework incorporating existing SBOM data models, including CSAF, CycloneDX, OpenVEX, and SPDX #OSIM #SupplyChainSecurity #SBOM #OASIS #ApplicationSecurity
tinyurl.com/38kjaf8b
OASIS Open's push for a software supply chain standard: All together now?
June 27, 2024 at 9:17 PM
Also seems like pinning CycloneDX/gh-dotnet-generate-sbom isn't sufficient, because internally it does a `dotnet tool install` without specifying a version; see: github.com/CycloneDX/gh...
April 3, 2025 at 8:44 PM
Open-source maintainer Jan Kowalleck began his involvement with OWASP CycloneDX with a small bug fix. That step set off a journey that eventually made him project co-lead, mentor for new contributors, and co-creator of an international standard for software transparency.
September 12, 2025 at 1:27 PM
🚨 TODAY 🚨 Join us live to talk verifiable trust in #software components. Learn to build on #SBOMs w/ CycloneDX attestation plus how to create cryptographically verifiable evidence of #security practices, #automate manual audit workflows & more. https://get.anchore.com/cyclonedxandsboms/
February 26, 2025 at 1:00 PM
Wanting to get started with CycloneDX, Software Bill of Materials, and Cryptographic Bill of Materials? Check out these official guides!

cyclonedx.org/guides/
CycloneDX Guides and Resources
Explore guides created by OWASP for adopters of CycloneDX. Guides are available for many BOM types supported by CycloneDX.
cyclonedx.org
April 9, 2024 at 8:29 PM
Jan Kowalleck is a #SovereignTechFellow and works on software supply chain standards, including as maintainer of OWASP CycloneDX: www.sovereign.tech/news/meet-th... 6/
March 13, 2025 at 2:07 PM
June 13, 2024 at 8:25 PM
New ReARM Release: SARIF, CycloneDX VDR/BOV, and Artifact Versioning rearmhq.com/blog/2025-09...
New ReARM Release: SARIF, CycloneDX VDR/BOV, and Artifact Versioning - ReARM by Reliza
The ReARM team is pleased to announce the new major release of ReARM CE v25.08.115 and ReARM Pro v25.08.108. This release contains two key new features: ...
September 2, 2025 at 2:18 PM
“The BOM should be treated like critical infrastructure: signed, stored, regularly updated, and ideally formatted using a standard like CycloneDX. If you don’t know what’s in your model, you can’t secure it.” www.scworld.com/feature/owas... #AI #AIBoM #AISupplyChainSecurity
OWASP’s cure for a sick AI supply chain
OWASP doesn’t just name supply chain attacks a top AI threat, it shows exactly how to stop them. This is the fix, straight from the source.
July 26, 2025 at 10:19 PM
Ok, so according to ChatGPT, default "cyclonedx" is the classifier to go with for CycloneDX BOMs. Maybe I'll check with Claude before committing :)
April 26, 2025 at 9:39 PM
Zen of SBOM #2: "SBOM is not a single process to be completed. It's a lifecycle process".

What do you think? Discuss!

#SBOM #ZENSBOM #SPDX #CYCLONEDX
May 16, 2025 at 10:06 AM
@voxpelli.com SPDX and CycloneDX
November 11, 2025 at 10:14 PM
Join us for a few postings named "The ZEN of SBOM". The first one is "SBOM is not the answer to all software problems, but it sure helps"

What do you think? Let's discuss!

#SBOM #CYCLONEDX #SPDX #SOFTWARETRANSPARENCY
May 14, 2025 at 6:38 PM
Kick off 2025 right! Join our weekly #SBOM webinar series starting Jan 14. Learn from experts like Kate Stewart (#SPDX) & Steve Springett (#CycloneDX) and master the art of securing your software supply chain.

Read the bl... https://anchore.com/blog/all-things-sbom-in-2025-a-weekly-webinar-series/
January 8, 2025 at 4:46 AM
#406814 tbb_2021_11_0: address feedback from #405670
#406809 hexpatch: 1.11.1 -> 1.11.2
#406803 hobbes: 0-unstable-2023-06-03 -> 0-unstable-2025-04-23
#406798 cyclonedx-python: 6.0.0 -> 6.1.1
#406797 cargoSetupHook: fix setting crt-static
#406796 python3Packages.docling: 2.31.1 -> 2.31.2
May 14, 2025 at 12:05 AM
Having to shut down your bug bounty program due to the sheer volume of AI flooding it with responses trying to cash out is just a really sad state of affairs github.com/CycloneDX/cy...
Remove Bug Bounty program by lfrancke · Pull Request #786 · CycloneDX/cyclonedx-rust-cargo
We received almost entirely AI slop reports that are irrelevant to our tool. It's a library and most reporters didn't even bother to read the rules or even look at what the intended purpose...
May 23, 2025 at 1:31 PM