What is a CycloneDX SBOM and why is it important?

Prepare for the GitHub Advanced Security Certification Test. Practice with multiple choice questions, detailed explanations, and hints. Achieve success on your first attempt!

Multiple Choice

What is a CycloneDX SBOM and why is it important?

Explanation:
A CycloneDX SBOM is a standardized, machine-readable Software Bill of Materials that lists the components in a software product along with metadata such as versions, licenses, suppliers, and dependencies. Delivered in a structured format (often JSON or XML), it enables automated risk assessment and supply chain transparency by making it easy to see exactly which components are used, how they’re licensed, and where vulnerabilities may come from. This is why it’s the best description: it captures both the format (a standard SBOM) and the purpose (listing components and licenses to support risk management and transparency across the software supply chain). Descriptions that refer to runtime tooling, executable binaries, or policy rules describe something other than the documented components and licenses of a software bill of materials.