SBOM::CycloneDX 1.07 is released
I've released a new version of SBOM::CycloneDX with support for the OWASP CycloneDX 1.7 specification (ECMA-424).
This release includes the new elements introduced in 1.7, with a focus on:
- Enhancements to Cryptography Bill of Materials (CBOM)
- Citations: references and sources for evidence/metadata
- Intellectual Property Transparency: references to associated patents (number, jurisdiction, link, assignee) for compliance / due diligence needs
New experimental "SBOM::CycloneDX::Lite" interface: a lightweight module that generates BOMs through a simpler API covering the most common CycloneDX properties.
Examples included in the distribution (use them as a starting point to build your own applications/tools that generate BOM files):
- "x509-to-cbom": generates a CBOM from an X.509 certificate
- "rpm-to-sbom": generates an SBOM from the installed RPM packages (on RHEL-based systems)
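As an added example (not code from the original post or from the SBOM::CycloneDX distribution), the script below shows the shape of a small BOM generator built on the module's object interface: it describes the application itself in the metadata, adds one dependency, validates the result against the CycloneDX schema and only then serialises it. The class and method names used here (`SBOM::CycloneDX->new`, `SBOM::CycloneDX::Component->new`, `metadata->component`, `components->add`, `validate`, `to_string`) and the assumption that `validate` returns a list of error messages are taken from my reading of the module's documentation and are not verified against the 1.07 release; check them against the MetaCPAN POD linked below. The component names, versions and purl are constructed sample data.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use feature 'say';

use SBOM::CycloneDX;
use SBOM::CycloneDX::Component;

# Assumed API (see lead-in): a BOM object that carries metadata and a
# component list and knows how to validate and serialise itself.
my $bom = SBOM::CycloneDX->new;

# The subject of the BOM goes in metadata.component, so consumers can tell
# the application being described apart from its dependencies.
$bom->metadata->component(
    SBOM::CycloneDX::Component->new(
        type    => 'application',
        name    => 'example-app',    # constructed sample data
        version => '0.1.0',
    )
);

# One dependency. The purl is the identifier most downstream tooling keys
# on (vulnerability matching, policy checks), so populate it even for
# internal packages.
my $dep = SBOM::CycloneDX::Component->new(
    type    => 'library',
    name    => 'Example-Library',    # constructed sample data
    version => '2.3.4',
    purl    => 'pkg:cpan/EXAMPLE/Example-Library@2.3.4',
);
$bom->components->add($dep);

# Validate against the CycloneDX JSON schema before publishing: a BOM that
# fails schema validation is rejected by most consumers, and it is cheaper
# to find that out here than in someone else's pipeline.
# Assumption: validate() returns a list of error strings (empty on success).
my @errors = $bom->validate;
if (@errors) {
    say STDERR "BOM validation failed: $_" for @errors;
    exit 1;
}

# Serialise to JSON. Redirect to bom.json or pipe into a BOM consumer.
say $bom->to_string;
```

The validate-before-serialise step is the part worth keeping when you adapt this: the example scripts shipped with the distribution are a starting point, and a hand-written generator that emits a structurally valid but schema-invalid document is a common failure mode.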
The goal of this module is to help the Perl community generate BOM files more easily, improving security and compliance across the ecosystem and making the software supply chain more transparent.
SBOM::CycloneDX is available on CPAN / MetaCPAN: https://metacpan.org/pod/SBOM::CycloneDX
Related projects:
- App::CPAN::SBOM - https://metacpan.org/dist/App-CPAN-SBOM
- Module::CoreList::SBOM - https://github.com/giterlizzi/perl-Module-CoreList-SBOM