STP
SBOM Observer/

External Resources

Curated collection of external documentation and tools

A curated collection of external resources for software transparency standards.

Standards Documentation

ResourceDescription
SPDX SpecificationOfficial SPDX specification
CycloneDX SpecificationOfficial CycloneDX specification
NTIA SBOM Minimum ElementsNTIA minimum elements guidance
OpenVEX SpecificationOpenVEX format specification
CSAF StandardCommon Security Advisory Framework

Regulatory Guidance

ResourceDescription
EU CRAEU Cyber Resilience Act
NIS2 DirectiveEU Network and Information Security
Executive Order 14028US Executive Order on Cybersecurity

Community

ResourceDescription
SBOM ForumCISA SBOM resources
OpenSSFOpen Source Security Foundation

Authoritative Guides

ResourceDescription
--
Edit on GitHub

Explorer Guide

New to software transparency? Start here.

About

About the SBOM Operational Framework

On this page

Standards DocumentationRegulatory GuidanceCommunityAuthoritative Guides