CycloneDX SBOM Spec

@CycloneDX_Spec

Open source Software Bill-of-Material (SBOM) specification that is lightweight and security focused

Joined June 2017

Tweets


  1. Jan 8

    CycloneDX Maven Plugin v1.6.0 now available. This version, by default, will now automatically install or deploy the to your Maven repository. When components are released, the corresponding SBOM is released as well. Thanks to for the pull request.

  2. Jan 3

    CycloneDX for Node.js v1.1.0 released. This release is mainly quality-based although it contains some XML refactoring which did eliminate a few defects.

  3. Jan 3

    I’m working on a schema extension that would provide the ability to document external services in an . This is a capability I’ve needed for a long time. Anyone interested in this concept is invited to provide feedback and guidance.

  4. Looking to improve security in 2020? Consider . As points out, it “will be one of THE big cybersecurity issues of 2020”. Also, thread for acknowledging contributors helping to educate and deliver SBOM info and tools. Let’s do this

  6. Listen to talk about the importance of Software Bill-of-Materials (and Twinkies). Then discover how CycloneDX, an open source SBOM format, can help.

  7. CycloneDX for PHP Composer v1.0.0 is now available from . Special thanks to for making this release possible. This release creates CycloneDX from PHP Composer projects. Supports PHP v5.5 and higher (including v7).

  8. and community rejoice. has created two CycloneDX build tools that create Software Bill-of-Materials from existing projects. Mix Task: Rebar3:

  9. An initial version of CycloneDX for Composer has been published to Special thanks to for contributing all the code to make this possible. Feedback encouraged prior to release.

  10. CycloneDX Maven plugin v1.5.0 Released. This version supports external references for common supported URLs, and dependency graphs which include all direct and transitive dependencies and each relationship. Components without dependencies are stated as such.

  11. CycloneDX for .NET Core v0.9.0 has been released. This version corrects many code quality issues and is highly recommended. Special thanks to for the massive pull request.

  12. It’s time to move forward on making a reality. Thanks to all of you who came together and established a common vision of SW transparency and how we can better defend ourselves. Check out the docs, and join in for next steps!

  13. Our CI builds have moved from travis-ci to GitHub Actions. Build status badges have been updated to reflect this change. We’ve been testing for months, and now have seamless CI integration with GitHub. core-java .net gradle maven node python ruby-gem rust-cargo specification

  14. Thanks to Bram for creating an Elixir task for generating CycloneDX BOMs. If you develop in Elixir/Erlang, take a look at this project and the value that software bill-of-materials provide.

  15. We’ve had many requests for CocoaPods, Go, and PHP Composer implementations. If you’re interested in SBOMs and are an OSS developer, the community could certainly benefit from code contributions.

  16. CycloneDX Vulnerability Extension v1.0 is now available. With this optional schema extension, it’s now possible to specify vulnerabilities for components inside an . Thanks to for the contribution. Details and examples here:

  17. Just Released: CycloneDX .NET Core v0.5 now includes extended support for processing packages.config. Thanks to a community member for the pull request!

  18. Dependency Graph v1.0 schema extension has been released. This optional schema extends a BOM's capabilities by allowing the author to specify component dependencies within the BOM.

  19. CycloneDX encourages the development of extension schemes to support additional use cases. One such example is a schema that would allow known vulns to be documented for each component or the asset/app the describes. Feedback:

  20. 5 Sep 2019

    An SCA vendor is contributing a vulnerability schema extension that would lay on top of a . If you have interest in this area, please check out the pull request, discussion, and contribute to making the extension useful for all.

