https://github.com/cyclonedx/cyclonedx-go

bill-of-materials bom golang library mbom obom owasp saasbom sbom software-bill-of-materials vex

Score: 27.72905618714191

Last synced: about 9 hours ago
JSON representation

Repository metadata:

Go library to consume and produce CycloneDX Software Bill of Materials (SBOM)

Host: GitHub
URL: https://github.com/cyclonedx/cyclonedx-go
Owner: CycloneDX
License: apache-2.0
Created: 2021-03-02T11:20:02.000Z (almost 5 years ago)
Default Branch: master
Last Pushed: 2026-02-01T09:52:23.000Z (6 days ago)
Last Synced: 2026-02-02T04:52:21.951Z (5 days ago)
Topics: bill-of-materials, bom, golang, library, mbom, obom, owasp, saasbom, sbom, software-bill-of-materials, vex
Language: Go
Homepage: https://cyclonedx.org/
Size: 885 KB
Stars: 102
Watchers: 5
Forks: 38
Open Issues: 21
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: CODEOWNERS
- Notice: NOTICE
Funding:
- Custom: https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX

Owner metadata:

Name: CycloneDX SBOM Standard
Login: CycloneDX
Email:
Kind: organization
Description: CycloneDX is a modern standard for the software supply chain. SBOM, SaaSBOM, CBOM, OBOM, VEX, and more. CycloneDX is a OWASP project ratified as ECMA-424
Website: https://cyclonedx.org/
Location:
Twitter: CycloneDX_Spec
Company:
Icon url: https://avatars.githubusercontent.com/u/29029855?v=4
Repositories: 52
Last Synced at: 2025-03-05T09:02:28.879Z
Profile URL: https://github.com/CycloneDX

GitHub Events

Total

Create event: 27
Delete event: 22
Fork event: 5
Issue comment event: 43
Issues event: 8
Pull request event: 62
Pull request review comment event: 3
Pull request review event: 19
Push event: 23
Release event: 1
Watch event: 17
Total: 230

Last Year

Create event: 18
Delete event: 15
Fork event: 3
Issue comment event: 21
Issues event: 5
Pull request event: 46
Pull request review event: 7
Push event: 14
Watch event: 11
Total: 140

Committers metadata

Last synced: 21 days ago

Total Commits: 236
Total Committers: 15
Avg Commits per committer: 15.733
Development Distribution Score (DDS): 0.53

Commits in past year: 9
Committers in past year: 3
Avg Commits per committer in past year: 3.0
Development Distribution Score (DDS) in past year: 0.222

Name	Email	Commits
nscuro	n**o@p**m	111
dependabot[bot]	4****]	88
Maximilian Combüchen	m**n@s**o	13
DmitriyLewen	d**n@s**o	10
Tim Pickles	t**s@s**o	3
Petzys	8****s	2
chenk	h**n@g**m	1
Radu Gheorghe	r**e@s**o	1
Paul Horton	p**n@s**m	1
Michael de Senna	d****a	1
Matthieu MOREL	m**5@g**m	1
Keith Zantow	k**w@g**m	1
Justin Abrahms	j**n@a**s	1
John Speed Meyers	j**s@c**v	1
Christian Köberl	c**l@p**m	1

Issue and Pull Request metadata

Last synced: 10 days ago

Total issues: 48
Total pull requests: 255
Average time to close issues: about 1 month
Average time to close pull requests: 14 days
Total issue authors: 31
Total pull request authors: 21
Average comments per issue: 1.44
Average comments per pull request: 0.44
Merged pull request: 180
Bot issues: 1
Bot pull requests: 157

Past year issues: 7
Past year pull requests: 38
Past year average time to close issues: 1 day
Past year average time to close pull requests: about 1 month
Past year issue authors: 7
Past year pull request authors: 5
Past year average comments per issue: 0.14
Past year average comments per pull request: 0.63
Past year merged pull request: 11
Past year bot issues: 0
Past year bot pull requests: 33

More stats: https://issues.ecosyste.ms/repositories/lookup?url=https://github.com/cyclonedx/cyclonedx-go

Top Issue Authors

mcombuechen (11)
nscuro (7)
desenna (2)
snyk-tim (1)
jkowalleck (1)
ianling (1)
derkoe (1)
aharal (1)
Petzys (1)
dependabot[bot] (1)
416rehman (1)
madpah (1)
seb06cai (1)
chrsch-dev (1)
darioandre (1)

Top Pull Request Authors

dependabot[bot] (157)
nscuro (45)
mcombuechen (23)
snyk-tim (6)
Petzys (5)
chen-keinan (2)
jameskim0987 (2)
VictorHuu (2)
mmorel-35 (1)
wayne-grant (1)
JoeyShapiro (1)
desenna (1)
madpah (1)
justinabrahms (1)
DmitriyLewen (1)

Top Issue Labels

enhancement (19)
spec/1.6 (11)
bug (6)
spec/1.5 (4)
help wanted (2)
spec:1.4 (1)
spec:1.5 (1)
dependencies (1)
github_actions (1)

Top Pull Request Labels

dependencies (157)
github_actions (122)
enhancement (55)
spec/1.6 (30)
docker (19)
go (17)
spec:1.5 (7)
bug (4)
spec/1.5 (3)
documentation (1)
qa (1)

Package metadata

Total packages: 9
Total downloads: unknown
Total docker downloads: 597,831,111
Total dependent packages: 501 (may contain duplicates)
Total dependent repositories: 520 (may contain duplicates)
Total versions: 153

proxy.golang.org: github.com/CycloneDX/cyclonedx-go

This example demonstrates how to decode and work with BOMs in CycloneDX format. This example demonstrates how to create and encode a BOM in CycloneDX format.

Homepage: https://github.com/CycloneDX/cyclonedx-go
Documentation: https://pkg.go.dev/github.com/CycloneDX/cyclonedx-go#section-documentation
Licenses: Apache-2.0
Latest release: v0.9.3 (published 4 months ago)
Last Synced: 2026-01-18T08:47:31.756Z (20 days ago)
Versions: 17
Dependent Packages: 501
Dependent Repositories: 520
Docker Downloads: 595,787,889
Rankings:
- Docker downloads count: 0.15%
- Dependent packages count: 0.217%
- Dependent repos count: 0.31%
- Average: 2.753%
- Stargazers count: 6.284%
- Forks count: 6.803%

proxy.golang.org: github.com/CyclonedX/cyclonedx-go

Homepage:
Documentation: https://pkg.go.dev/github.com/CyclonedX/cyclonedx-go#section-documentation
Licenses:
Latest release: v0.9.3 (published 4 months ago)
Last Synced: 2026-01-20T14:45:21.879Z (18 days ago)
Versions: 17
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent packages count: 5.017%
- Average: 5.186%
- Dependent repos count: 5.354%

proxy.golang.org: github.com/cycloneDX/cyclonedx-go

Homepage:
Documentation: https://pkg.go.dev/github.com/cycloneDX/cyclonedx-go#section-documentation
Licenses: apache-2.0
Latest release: v0.9.3 (published 4 months ago)
Last Synced: 2026-01-20T14:45:21.852Z (18 days ago)
Versions: 17
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Forks count: 4.756%
- Dependent packages count: 5.173%
- Average: 5.29%
- Dependent repos count: 5.52%
- Stargazers count: 5.711%

proxy.golang.org: github.com/Cyclonedx/cyclonedx-go

This example demonstrates how to decode and work with BOMs in CycloneDX format. This example demonstrates how to create and encode a BOM in CycloneDX format.

Homepage: https://github.com/CycloneDX/cyclonedx-go
Documentation: https://pkg.go.dev/github.com/Cyclonedx/cyclonedx-go#section-documentation
Licenses: Apache-2.0
Latest release: v0.9.3 (published 4 months ago)
Last Synced: 2026-01-25T07:07:24.348Z (13 days ago)
Versions: 17
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Stargazers count: 3.771%
- Forks count: 4.095%
- Average: 6.053%
- Dependent packages count: 6.999%
- Dependent repos count: 9.346%

proxy.golang.org: github.com/cyclonedx/cycloneDX-go

Homepage:
Documentation: https://pkg.go.dev/github.com/cyclonedx/cycloneDX-go#section-documentation
Licenses: apache-2.0
Latest release: v0.9.3 (published 4 months ago)
Last Synced: 2026-01-25T07:07:24.856Z (13 days ago)
Versions: 17
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Stargazers count: 3.965%
- Forks count: 4.268%
- Average: 6.144%
- Dependent packages count: 6.999%
- Dependent repos count: 9.346%

proxy.golang.org: github.com/CycloneDX/cyclOnedx-go

Homepage:
Documentation: https://pkg.go.dev/github.com/CycloneDX/cyclOnedx-go#section-documentation
Licenses: apache-2.0
Latest release: v0.9.3 (published 4 months ago)
Last Synced: 2026-01-25T07:07:31.782Z (13 days ago)
Versions: 17
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Forks count: 4.469%
- Stargazers count: 6.793%
- Average: 6.902%
- Dependent packages count: 6.999%
- Dependent repos count: 9.346%

proxy.golang.org: github.com/CycloneDx/cyclonedx-go

Homepage:
Documentation: https://pkg.go.dev/github.com/CycloneDx/cyclonedx-go#section-documentation
Licenses: apache-2.0
Latest release: v0.9.3 (published 4 months ago)
Last Synced: 2026-01-18T08:47:33.212Z (20 days ago)
Versions: 17
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Forks count: 5.839%
- Stargazers count: 5.923%
- Average: 7.807%
- Dependent packages count: 8.899%
- Dependent repos count: 10.567%

proxy.golang.org: github.com/cyclonedx/cyclonedx-go

This example demonstrates how to decode and work with BOMs in CycloneDX format. This example demonstrates how to create and encode a BOM in CycloneDX format.

Homepage: https://github.com/CycloneDX/cyclonedx-go
Documentation: https://pkg.go.dev/github.com/cyclonedx/cyclonedx-go#section-documentation
Licenses: Apache-2.0
Latest release: v0.9.3 (published 4 months ago)
Last Synced: 2026-01-25T07:07:30.417Z (13 days ago)
Versions: 17
Dependent Packages: 0
Dependent Repositories: 0
Docker Downloads: 2,043,222
Rankings:
- Dependent packages count: 6.999%
- Average: 8.173%
- Dependent repos count: 9.346%

proxy.golang.org: github.com/cYcloneDX/cyclonedx-go

Homepage:
Documentation: https://pkg.go.dev/github.com/cYcloneDX/cyclonedx-go#section-documentation
Licenses: apache-2.0
Latest release: v0.9.3 (published 4 months ago)
Last Synced: 2026-01-25T07:07:21.626Z (13 days ago)
Versions: 17
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent packages count: 6.999%
- Average: 8.173%
- Dependent repos count: 9.346%

Dependencies

.github/workflows/ci.yml actions

actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
actions/setup-go 6edd4406fa81c3da01a34fa6f6343087c207a568 composite
apache/skywalking-eyes 438e4ea5682269933ea2c8b5608662e52af26959 composite
golangci/golangci-lint-action 08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 composite

.github/workflows/goreleaser.yml actions

CycloneDX/gh-gomod-generate-sbom d4aee0cf5133055dbd98899978246c10c18c440f composite
actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
actions/setup-go 6edd4406fa81c3da01a34fa6f6343087c207a568 composite
goreleaser/goreleaser-action 8f67e590f2d095516493f017008adc464e63adb1 composite

go.mod go

github.com/bradleyjkemp/cupaloy/v2 v2.8.0
github.com/davecgh/go-spew v1.1.1
github.com/pmezard/go-difflib v1.0.0
github.com/stretchr/testify v1.8.1
gopkg.in/yaml.v3 v3.0.1

go.sum go

github.com/bradleyjkemp/cupaloy/v2 v2.8.0
github.com/davecgh/go-spew v1.1.0
github.com/davecgh/go-spew v1.1.1
github.com/pmezard/go-difflib v1.0.0
github.com/stretchr/objx v0.1.0
github.com/stretchr/objx v0.1.1
github.com/stretchr/objx v0.4.0
github.com/stretchr/objx v0.5.0
github.com/stretchr/testify v1.6.1
github.com/stretchr/testify v1.7.1
github.com/stretchr/testify v1.8.0
github.com/stretchr/testify v1.8.1
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
gopkg.in/yaml.v3 v3.0.1

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Summary

https://github.com/cyclonedx/cyclonedx-go

Repository metadata:

Owner metadata:

GitHub Events

Total

Last Year

Committers metadata

Issue and Pull Request metadata

Top Issue Authors

Top Pull Request Authors

Top Issue Labels

Top Pull Request Labels

Package metadata

proxy.golang.org: github.com/CycloneDX/cyclonedx-go

proxy.golang.org: github.com/CyclonedX/cyclonedx-go

proxy.golang.org: github.com/cycloneDX/cyclonedx-go

proxy.golang.org: github.com/Cyclonedx/cyclonedx-go

proxy.golang.org: github.com/cyclonedx/cycloneDX-go

proxy.golang.org: github.com/CycloneDX/cyclOnedx-go

proxy.golang.org: github.com/CycloneDx/cyclonedx-go

proxy.golang.org: github.com/cyclonedx/cyclonedx-go

proxy.golang.org: github.com/cYcloneDX/cyclonedx-go

Dependencies