CYCLONEDX / GETTING STARTED / CAPABILITIES / RELEASE NOTES

Common Release Notes Format

Standardizes release notes unlocking new workflows for software publishers and consumers

Software Bill of Materials

Software-as-a-Service BOM

Vulnerability Exploitability Exchange

Hardware Bill of Materials

Operations Bill of Materials

Vulnerability Disclosure Report

Javascript Object Notation

Extensible Markup Language

Protocol Buffers

CycloneDX standardizes release notes into a common, machine-readable format. This capability unlocks new workflow potential for software publishers and consumers alike. This functionality works with or without the Bill of Materials capabilities of the spec.

Provides a common format in which to consume or publish release notes
Every component and service may optionally contain release notes
Helps reduce risk and operational expense by providing upgrade and security information to consumers
Release notes include everything necessary for publishing into multiple formats, including:
- Version information
- Multilingual descriptions
- Tags to aid search engines
- Issues (defects, enhancements, and security) resolved in a release
- Featured and social images

High-Level Object Model

CycloneDX Object Model Swimlane

See also

Authoritative Guide to SBOM

Additional Capabilities

SBOM

Software Bill of Materials

Inventory software components and services and the dependency relationships between them

SaaSBOM

Software as a Service Bill of Materials

Inventory services, endpoints, and data flows and classifications that power cloud-native applications

VEX

Vulnerability Exploitability eXchange

Convey the exploitability of vulnerable components in the context of the product in which they're used

HBOM

Hardware Bill of Materials

Inventory hardware components for IoT, ICS, and other types of embedded and connected devices

ML-BOM

Machine-Learning Bill of Materials

Model and dataset transparency for security, privacy, safety and ethical considerations

MBOM

Manufacturing Bill of Materials

Declared and observed formulation for reproducibility throughout product lifecycle

OBOM

Operations Bill of Materials

Full-stack inventory of runtime environments, configurations, and additional dependencies

VDR

Vulnerability Disclosure Report

Communicate known and unknown vulnerabilities affecting components and services

BOM-Link

Bill of Materials Linkage Syntax

Reference components, services, or vulnerabilities in BOMs from other systems or other BOMs

BOV

Bill of Vulnerabilities

Share vulnerability data between systems and sources of vulnerability intelligence

Release Notes

Common Release Notes Format

Standardizes release notes unlocking new workflows for software publishers and consumers

CycloneDX Supporters