CycloneDX is a standard for describing a machine-readable Software Bill of Materials (SBOM). As software and compute fabrics increase in complexity, software becomes harder to define. Originating with OWASP, CycloneDX improves on the older SPDX standard with a broader definition that extends beyond the local machine dependencies to include runtime service dependencies. You'll also find implementations in several languages, an ecosystem of supporting integrations and a CLI tool that lets you analyze and change SBOMs with appropriate signing and verification.