Manufacturing Bill of Materials (MBOM)

 

Declared and observed formulation for reproducibility throughout product lifecycle

Software Bill of Materials
Software-as-a-Service BOM
Vulnerability Exploitability Exchange
Hardware Bill of Materials
Operations Bill of Materials
Vulnerability Disclosure Report
Javascript Object Notation
Extensible Markup Language
Protocol Buffers

CycloneDX can describe declared and observed formulations for reproducibility throughout the product lifecycle of components and services. This advanced capability provides transparency into how components were made, how a model was trained, or how a service was created or deployed. In addition, every component and service in a CycloneDX BOM can optionally specify formulation and do so in existing BOMs or in dedicated MBOMs. By externalizing formulation into dedicated MBOMs, SBOMs can link to MBOMs for their components and services, and access control can be managed independently. This allows organizations to maintain tighter control over what parties gain access to inventory information in a BOM and what parties have access to MBOM information which may have higher sensitivity and data classification.

Independent MBOM and SBOM

Independent access controls can be established by separating the SBOM inventory from potentially highly-sensitive MBOM data. This allows organizations to provide SBOMs to a broader audience while keeping stricter control over who has access to the MBOM.

Independent SBOM and MBOM Document

High-Level Object Model

CycloneDX Object Model Swimlane

See also

Additional Capabilities

CycloneDX Supporters

Apiiro
Contrast Security
Ecma International
Fortress Information Security
IBM
IonChannel
Kondukto
Lockheed Martin
NowSecure
OWASP
Rezilion
ServiceNow
Sonatype