CycloneDX SBOM

See a breakdown of the file formats and features supported in CycloneDX SBOM.

We support tracking dependencies in CycloneDX SBOM using files in JSON and XML formats.

You must name your SBOM files in one of the following ways; .*bom.*\.json, .*cdx.json, .*cdx.xml or .*bom.*\.xml to allow us to identify them as CycloneDX SBOMs.

The actual supported features for your SBOM depend individually on the libraries that are included and individual package managers.

Supported file formats and features

Language

Supported File Formats

Root dependencies

Indirect dependencies

Dependency trees

Security Scanning

License Scanning

Root Fix

Pull Request

Vulnerable Functionality

High Performance Scan

CycloneDX SBOM

bom.json, cdx.json

Yes*

CycloneDX SBOM

bom.xml, cdx.xml

Yes*

*This is a native lock file format. Native lock file formats are the fastest formats to scan.

Analyzing external SBOM files using Debricked - video guide

Last updated 9 days ago

Tools

Security Compliance Health

Company

Pricing About us Blog

Support

Developer base Privacy Policy Terms & Conditions Service Status

Resources

Vulnerability DB Open Source Select Debricked Portal Report vulnerability