Skip to content

CycloneDX/cyclonedx-core-java

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,623 Commits
.github
.github
 
 
src
src
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CODEOWNERS
CODEOWNERS
 
 
LICENSE
LICENSE
 
 
NOTICE
NOTICE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 
release.sh
release.sh
 
 

Repository files navigation

Build Status Maven Central License Website Slack Invite Group Discussion Twitter

CycloneDX Core (Java)

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction

Maven Usage

<dependency>
    <groupId>org.cyclonedx</groupId>
    <artifactId>cyclonedx-core-java</artifactId>
    <version>10.1.0</version>
</dependency>

CycloneDX Schema Support

The following table provides information on the version of this node module, the CycloneDX schema version supported, as well as the output format options. Use the latest possible version of this library that is the compatible with the CycloneDX version supported by the target system.

Version Schema Version Format(s)
10.x CycloneDX v1.6.1 XML/JSON
9.x CycloneDX v1.6 XML/JSON
8.x CycloneDX v1.5 XML/JSON
7.x CycloneDX v1.4 XML/JSON
6.x CycloneDX v1.4 XML/JSON
5.x CycloneDX v1.3 XML/JSON
4.x CycloneDX v1.2 XML/JSON
3.x CycloneDX v1.2 XML/JSON
2.x CycloneDX v1.1 XML
1.x CycloneDX v1.0 XML

Library API Documentation

The library API documentation can be viewed online at https://cyclonedx.github.io/cyclonedx-core-java/.

Updating the license list

  1. Download the latest tagged release from this repo.
  2. Extract the archived directory.
  3. Navigate to the license-list-vX.X.X/text/ directory.
  4. Copy all licenses from that directory to the src/main/java/resources/licenses/ directory in this repo.
  5. Copy license-list-vX.X.X/json/licenses.json into the src/main/java/resources/licenses/ directory in this repo.
  6. Download this file (ex: curl http://cyclonedx.org/schema/spdx.schema.json -o spdx.schema.json). The $comment field should match the version you donwloaded from GitHub. Copy this file into src/main/resources/.
  7. Download this file (ex curl https://cyclonedx.org/schema/spdx.xsd -o spdx.xsd). The version field should match the version you donwloaded from GitHub. Copy this file into src/main/resources/.

Copyright & License

CycloneDX Core (Java) is Copyright (c) OWASP Foundation. All Rights Reserved.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the License file for the full license.

About

CycloneDX SBOM Model and Utils for Creating and Validating BOMs

cyclonedx.org/

Topics

library owasp bom vex spdx bill-of-materials software-bill-of-materials purl package-url sbom cyclonedx obom mbom saasbom

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

97 stars

Watchers

7 watching

Forks

77 forks
Report repository

Releases 7

cyclonedx-core-java-10.2.1 Latest
Mar 12, 2025
+ 6 releases

Sponsor this project

Used by 304

  • @cloudstone-sabegeek-tech
  • @fedinskiy
  • @Citi
  • @manusa
  • @SorunEngineering
  • @gemmellr
  • @nscuro
  • @MichalMaler
+ 296

Contributors 38
+ 24 contributors

Languages