CycloneDX

An open standard for communicating software bill of materials (SBOM) information. Created for use in software supply chain security contexts, it includes specifications for defining the relationships between software components and for identifying known vulnerabilities in those components.