CycloneDX’s Python Library documentation

OWASP CycloneDX is a full‑stack Bill of Materials (BOM) and system‑transparency standard that provides deep visibility into software, services, hardware, and AI components, enabling advanced supply‑chain security and cyber‑risk reduction.

This Python package provides data models, validators and more, to help you create/render/read CycloneDX documents.

This package is not designed for standalone use. It is a software library.

As of version 3.0.0 of this library, the internal data model was adjusted to allow CycloneDX VEX documents to be produced as per official examples linking VEX to a separate CycloneDX document.

If you’re looking for a CycloneDX tool to run to generate (SBOM) software bill-of-materials documents, why not checkout CycloneDX Python or Jake.

Contents:

• Responsibilities
• Capabilities
• Installation
  • Extras
• Architecture
  • Modelling
  • Schema Support
  • Outputting
• Examples
  • Complex Serialize
  • Complex Deserialize
  • Complex Validation
• Contributing
  • Setup
  • Code style
  • Documentation
  • Testing
  • Sign off your commits
  • Pre-commit hooks
• Support
  • Python Version Support
• Changelog
  • CHANGELOG
• Upgrading to v8
  • Add this library to Metadata Tools
  • Import model Tool
  • Alter Metadata Tools
  • Alter Vulnerability Tools
  • Set LicenseExpression Acknowledgement
• API Reference
  • cyclonedx