CycloneDX Bill of materials specification

Toggle shortcuts help?
Toggle "can call user code" annotationsu
Navigate to/from multipagem
Jump to search box/
Toggle pinning of the current clausep
Jump to the n^th pin1-9
Jump to the 10^th pin0
Jump to the most recent link target`

2 Conformance

This Standard includes the implementation requirements that systems processing CycloneDX content shall satisfy in order to achieve conforming interoperability. An implementation is a consumer, or a producer, or both a consumer and a producer.

In order for a consumer to be considered conformant, the following rules apply:

It shall interpret and process the contents of CycloneDX BOMs in a manner conforming to this Standard. A consumer is not required to interpret or process all of the content in a CycloneDX BOM.

It should instantiate a warning or error condition when a CycloneDX BOM is not conforming to this Standard.

It shall not instantiate an error condition in response to a CycloneDX BOM conforming to this Standard.

When optional or recommended features contained within CycloneDX BOMs are accessed by a consumer, the consumer shall interpret and process those features in a manner conforming to this Standard.

In order for a producer to be considered conformant, the following rules apply:

Any CycloneDX BOM it creates shall conform to this Standard.

It shall not introduce any non-conforming CycloneDX content when modifying or enriching a CycloneDX BOM.

When a producer chooses to use an optional or recommended feature in an CycloneDX BOM, then the producer shall create or modify that feature in a manner conforming to this Standard.