sbom
An SBOM is a nested inventory, a list of ingredients that make up software components (https://www.cisa.gov/sbom)
-
CycloneDX (https://cyclonedx.org/specification/overview)
Media Types:
application/vnd.cyclonedx+xml
for CycloneDX files in XML format
application/vnd.cyclonedx+json
for CycloneDX files in JSON format
-
SPDX (https://spdx.github.io/spdx-spec/v2.3)
Media Types:
text/spdx
for SPDX files in tag-value format
application/spdx+xml
for SPDX files in RDF format
application/spdx+json
for SPDX files in JSON format
application/spdx+yaml
for SPDX files in YAML format
-
Media Types:
application/swid+xml
for SWID files in XML format
-
Syft (https://github.com/anchore/syft)
Media Types:
application/vnd.syft+json
for Syft generated SBOMs in JSON format