OWASP CycloneDX is a modern standard for the software supply chain. Software Bill of Materials (SBOM), SaaSBOM, Cryptography (CBOM), AI/ML-BOM, VDR/VEX...
Joined June 2017
- Tweets 620
- Following 8
- Followers 964
- Likes 501
31 Photos and videos
Pinned Tweet
21 Apr 2025
Join us on Wed May 28, 2025 in Barcelona for a hands-on hackathon to test Beta 1 of the Transparency Exchange API (TEA) — a new way to securely exchange SBOMs, attestations & more.
Free registration, thanks to @OWASP & @EcmaIntl
cyclonedx.org/events/hackath…
#CycloneDX #SBOM
5
6
2,009
Today, we're launching CycloneDX Assessors Studio (alpha). Built for maturity tracking, compliance audits, and supply chain vendor trust. Turn compliance checklists into verifiable attestations.
#CycloneDX #OWASP #Compliance #GRC #OpenSource
assessors.studio/
3
8
201
The Authoritative Guide to AI/ML-BOM from CycloneDX just dropped. Full transparency into your ML supply chain: security, compliance, data lineage, reproducibility. AI regulations are here. Be ready.
#AI #AIBOM #SBOM #OWASP #CycloneDX
cyclonedx.org/guides/
3
6
170
CycloneDX SBOM Spec (OWASP) retweeted
15 Oct 2025
Project Sunshine, by the @CycloneDX_Spec team is just amazing. Proper visualisations, with EPSS and CISA KEV enrichments, of your SBOM
github.com/CycloneDX/Sunshin…
3
6
832
21 Oct 2025
CycloneDX v1.7 is here!
The latest release strengthens software & system transparency with:
- Cryptography BOM (CBOM)
- Data provenance & citations
- Intellectual property visibility
Learn more: cyclonedx.org/news/cyclonedx…
#OWASP #CycloneDX #SBOM #CBOM #CyberSecurity
2
6
1,911
📊 "Content is king" - Steve Springett on #SBOMlearningWeek Day 4. Learn how CycloneDX is enabling machine-readable attestations and five dimensions for evaluating SBOM completeness. anchore.com/blog/sbom-insigh… (Miss day #3? It's here anchore.com/blog/devops-scal…) #DevSecOps
2
2
159
CycloneDX SBOM Spec (OWASP) retweeted
18 Apr 2025
🚀vet v1.10 is here...with CycloneDX SBOM support!
Generate detailed SBOMs with:
📦 Package metadata (PURLs, licenses)
🛡️ Vulnerabilities & malware info
Run:
vet scan --report-cdx sbomfile.cdx.json
Try vet: github.com/safedep/vet
#CycloneDX #SBOM #SupplyChainSecurity
ALT https://github.com/safedep/vet
7
15
2,281
CycloneDX SBOM Spec (OWASP) retweeted
27 Mar 2025
Join our community meeting next Wednesday, 2nd April at 4-5PM UTC for a presentation from our friends at #Monzo Bank!
Learn how they replaced a proprietary vulnerability scanner with #CycloneDX
#SBOMs & DT.
Calendar: dub.sh/dtcalendar
Zoom: dub.sh/dtzoom
3
3
219
CycloneDX SBOM Spec (OWASP) retweeted
28 Mar 2025
The next #OWASP Dependency Track Community Meeting (virtual) on April 2nd is going to be interesting:
Learn how leading UK neobank Monzo replaced a proprietary vulnerability scanner with open-source OWASP #CycloneDX and Dependency Track:
27 Mar 2025
Join the DT community meeting next Wednesday, 2nd April at 4-5PM UTC for a presentation from our friends at @monzo Bank! Learn how they replaced a proprietary vulnerability scanner with #CycloneDX #SBOMs & DT.
Calendar: dub.sh/dtcalendar
Zoom: dub.sh/dtzoom
3
3
400
27 Mar 2025
Join the DT community meeting next Wednesday, 2nd April at 4-5PM UTC for a presentation from our friends at @monzo Bank! Learn how they replaced a proprietary vulnerability scanner with #CycloneDX #SBOMs & DT.
Calendar: dub.sh/dtcalendar
Zoom: dub.sh/dtzoom
5
6
2,430
🚨 New Webinar 🚨 The need for verifiable trust in #software components is critical. Learn to build on #SBOMs w/ CycloneDX attestation plus how to create cryptographically verifiable evidence of #security practices, #automate manual audit workflows & more. get.anchore.com/cyclonedxand…
1
4
3
2,461
What’s Your C/C Code Made Of? The Importance of the Software Bill of Materials
Learn about SBOMs for C/C projects, and how Conan can generate CycloneDX @CycloneDX_Spec SBOMs of your dependencies, store them inside your package metadata and more:
blog.conan.io/2025/02/05/Wha…
2
11
21
3,953
2 Feb 2025
"Seat-belt approach" for #SBOMs! 💺 cdxgen >= v11.1.7's new "secure mode" uses Node.js permissions to control resource access. Safely analyze even untrusted code by limiting file access, process execution, & more. This fixes CVE-2024-50611.
github.com/CycloneDX/cdxgen/…
1
2
103
CycloneDX SBOM Spec (OWASP) retweeted
21 Jan 2025
4
5
265
19 Jan 2025
Level up your Ruby SBOMs with cdxgen v11.1.0 - now featuring #evinse for enhanced security and insights. Chat with #cdxgenGPT to learn more
chatgpt.com/g/g-673bfeb40374…
4
6
3,057
CycloneDX SBOM Spec (OWASP) retweeted
8 Jan 2025
We even have a very nice, very small, very interested working group around...Threat Modeling BOM. Come join us. There's plenty of work to be done, and you get to help build some potentially very cool stuff. cyclonedx.org/participate/wo…
2/2
3
3
154
CycloneDX SBOM Spec (OWASP) retweeted
8 Jan 2025
Do you, like me, scratch your head and think "SBOMs, what are they good for?" ? If you do, why not join one of the working groups on CycloneDX - now even easier to do by checking out the new site at cyclonedx.org !
1/2
1
2
3
117
CycloneDX SBOM Spec (OWASP) retweeted
12 Dec 2024
OWASP Members change the world. Your membership helps shape the organization and drives our projects and community. If you are not a member or are due for renewal within 60 days, please join or renew today and get 10-25% off!
owasp.org/membership > Memberships > Apply
2
12
15
2,877
it-depends, the most comprehensive SBOM builder from @trailofbits, now has CycloneDX support
github.com/trailofbits/it-de…
1
8
18
2,671
CycloneDX SBOM Spec (OWASP) retweeted
11 Dec 2024
We're proud to host the 128th Meeting of the Ecma General Assembly at @Bloomberg's Global HQ, starting today in NYC! We welcome the attending Ecma members & wish them a productive week discussing the future of Ecma's standards, including #ECMAScript & #CycloneDX!
#opensource
5
10
1,048