https://github.com/cyclonedx/official-3rd-party-standards
A collection of machine-readable third-party standards and requirements in CycloneDX format
compliance compliance-automation maturity-model requirements security-requirements standard
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/cyclonedx/official-3rd-party-standards
- Owner: CycloneDX
- Created: 2023-06-27T19:32:23.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2025-04-11T23:14:49.000Z (about 2 months ago)
- Last Synced: 2025-04-12T00:20:10.939Z (about 2 months ago)
- Topics: compliance, compliance-automation, maturity-model, requirements, security-requirements, standard
- Language: Python
- Homepage: https://cyclonedx.org
- Size: 291 KB
- Stars: 6
- Watchers: 6
- Forks: 2
- Open Issues: 4
Metadata Files:
- Readme: README.md
README
# Official Third‑Party Standards & Requirements
This repository contains official third-party standards that have been transformed into CycloneDX v1.6 requirements.
These requirements are intended to document compliance with a standard in a machine-readable format that is consistent with
the CycloneDX specification.

---
## What is this repository?
| | |
|--------------|-----------|
| **Purpose** | Provide a single, machine‑readable catalogue of well‑known open standards that have been mapped into the [CycloneDX v1.6](https://cyclonedx.org/) *requirements* model. |
| **Why** | • Enables tool‑chains to import a standard **as a BOM**, verify controls automatically, and report compliance.<br>• Eliminates one‑off parsers for every PDF, spreadsheet or bespoke XML format.<br>• Keeps the source of truth under version control so updates are transparent and traceable. |
| **Audience** | Security engineers, compliance teams, CycloneDX ecosystem tools, CI/CD pipelines. |

---
## Repository layout
```text
standards/
├─ /
│ └─ /
│ └─ .cdx.json # CycloneDX requirement BOMs
└─ feed.json # JSON Feed 1.1 catalogue (auto‑generated)
```

## The catalogue feed (`standards/feed.json`)
* **Format:** [JSON Feed 1.1](https://www.jsonfeed.org/version/1.1) with a small CycloneDX extension.
* **Deployed URL:** [https://cyclonedx.org/standards/feed.json](https://cyclonedx.org/standards/feed.json)

## Contributing a new standard
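The feed is plain JSON Feed 1.1, so a consumer only needs a JSON parser plus the few checks the JSON Feed specification makes mandatory (top-level `version`, `title` and `items`; an `id` and either `content_text` or `content_html` per item). The reader below is an added example, not code from this repository or from the CycloneDX project: it validates those fields, refuses entries whose BOM URL is not served over HTTPS, and collects any `_`-prefixed extension objects. The key name `_cyclonedx` and its content are an assumption for illustration; the README says only that the feed carries "a small CycloneDX extension" and does not name it. The feed document itself is constructed inline.

```python
"""Read a JSON Feed 1.1 catalogue of CycloneDX requirement BOMs (added example)."""
import json

JSON_FEED_1_1 = "https://jsonfeed.org/version/1.1"

# Constructed sample feed. "_cyclonedx" is an ASSUMED extension key: JSON Feed
# requires custom extensions to start with "_", but the real key and fields used
# by the CycloneDX feed are not stated in the README.
SAMPLE_FEED = json.dumps({
    "version": JSON_FEED_1_1,
    "title": "CycloneDX third-party standards (constructed sample)",
    "home_page_url": "https://cyclonedx.org",
    "feed_url": "https://cyclonedx.org/standards/feed.json",
    "items": [
        {
            "id": "urn:example:standard-a:1.0",
            "url": "https://example.invalid/standards/standard-a-1.0.cdx.json",
            "title": "Standard A 1.0",
            "content_text": "Requirement BOM for Standard A.",
            "_cyclonedx": {"specVersion": "1.6"},
        },
        {
            # Deliberately missing the mandatory "id": a careful reader rejects it.
            "url": "https://example.invalid/standards/standard-b-2.0.cdx.json",
            "title": "Standard B 2.0",
            "content_text": "Requirement BOM for Standard B.",
        },
    ],
})


class FeedError(ValueError):
    """Raised when the document is not a usable JSON Feed 1.1."""


def parse_feed(text):
    """Return (entries, rejected) for a JSON Feed 1.1 document.

    entries: dicts with id, url, title and any "_"-prefixed extension objects.
    rejected: ids (or URLs when no id exists) of items that fail the checks.
    """
    feed = json.loads(text)
    if feed.get("version") != JSON_FEED_1_1:
        raise FeedError(f"unexpected feed version {feed.get('version')!r}")
    for key in ("title", "items"):
        if key not in feed:
            raise FeedError(f"feed is missing required field {key!r}")

    entries, rejected = [], []
    for item in feed["items"]:
        if "id" not in item:
            rejected.append(item.get("url", "<no url>"))
            continue
        if "content_text" not in item and "content_html" not in item:
            rejected.append(item["id"])
            continue
        url = item.get("url", "")
        if not url.startswith("https://"):
            # Requirement BOMs drive compliance decisions; only fetch them over TLS.
            rejected.append(item["id"])
            continue
        extensions = {k: v for k, v in item.items() if k.startswith("_")}
        entries.append({
            "id": item["id"],
            "url": url,
            "title": item.get("title", ""),
            "extensions": extensions,
        })
    return entries, rejected


if __name__ == "__main__":
    ok, bad = parse_feed(SAMPLE_FEED)
    for entry in ok:
        print(f"{entry['title']}: {entry['url']} {entry['extensions']}")
    print("rejected:", bad)
```

In a pipeline the next step would be to fetch each returned `url` and hand the body to whatever CycloneDX tooling you use; the example stops at the catalogue so it runs offline.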
1. Create standards///.
2. Add the CycloneDX requirement BOM as -.cdx.json.
3. Open a pull request.

Once merged, the feed updates automatically.
## License & usage
### Repository
The scripts, workflow files, and overall repository structure are licensed under the
Apache License 2.0. See LICENSE for details.

### Individual standards
Each standard included here retains the license designated by its original publisher.
That license is declared inside the corresponding `*.cdx.json` file (usually in `metadata.licenses`).
Before redistributing or embedding a particular standard, review and comply with the terms in that file.
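Two things a contributor (see "Contributing a new standard" above) and a consumer both want to know about a requirement BOM before relying on it are whether its internal references resolve and which license its publisher declared. The script below is an added example, not part of this repository or of CycloneDX's own tooling. It assumes the CycloneDX v1.6 layout in which standards live under `definitions.standards[]`, each with `requirements[]` (with `bom-ref`, `identifier`, `title`, optional `parent`) and `levels[]` (with `requirements` as a list of bom-refs), and in which `metadata.licenses` holds license choice objects (`license.id`, `license.name` or `expression`). The BOM it checks is constructed inline and deliberately contains one dangling level reference.

```python
"""Structural and license checks for a CycloneDX v1.6 requirement BOM (added example)."""
import json

# Constructed sample BOM in the CycloneDX 1.6 shape assumed here:
# definitions.standards[] -> requirements[] and levels[].
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "version": 1,
    "metadata": {
        "licenses": [{"license": {"id": "CC-BY-SA-4.0"}}],
    },
    "definitions": {
        "standards": [{
            "bom-ref": "example-standard",
            "name": "Example Standard",
            "version": "1.0",
            "requirements": [
                {"bom-ref": "req-1", "identifier": "1", "title": "Governance"},
                {"bom-ref": "req-1.1", "identifier": "1.1", "title": "Policy exists",
                 "parent": "req-1"},
                {"bom-ref": "req-2", "identifier": "2", "title": "Build integrity"},
            ],
            "levels": [
                # "req-3" does not exist: the check below must report it.
                {"bom-ref": "level-1", "identifier": "L1",
                 "requirements": ["req-1.1", "req-3"]},
            ],
        }],
    },
})


def check_requirement_bom(text):
    """Return a list of problems; an empty list means the BOM passed every check."""
    bom = json.loads(text)
    problems = []
    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not CycloneDX")
    if bom.get("specVersion") != "1.6":
        problems.append(f"specVersion {bom.get('specVersion')!r} is not 1.6")

    standards = bom.get("definitions", {}).get("standards", [])
    if not standards:
        problems.append("no definitions.standards entries")

    for std in standards:
        name = std.get("name", "<unnamed>")
        reqs = std.get("requirements", [])
        refs = {}
        # Every requirement needs a unique bom-ref so levels and attestations can point at it.
        for r in reqs:
            ref = r.get("bom-ref")
            if not ref:
                problems.append(f"{name}: requirement {r.get('identifier')!r} lacks bom-ref")
                continue
            if ref in refs:
                problems.append(f"{name}: duplicate bom-ref {ref!r}")
            refs[ref] = r
        # Parent links and level membership must resolve within the same standard.
        for r in reqs:
            parent = r.get("parent")
            if parent is not None and parent not in refs:
                problems.append(f"{name}: {r.get('bom-ref')!r} has unknown parent {parent!r}")
        for lvl in std.get("levels", []):
            for ref in lvl.get("requirements", []):
                if ref not in refs:
                    problems.append(
                        f"{name}: level {lvl.get('identifier')!r} references unknown requirement {ref!r}")
    return problems


def declared_licenses(text):
    """Return the licenses in metadata.licenses as SPDX ids, names or expressions."""
    bom = json.loads(text)
    out = []
    for choice in bom.get("metadata", {}).get("licenses", []):
        if "expression" in choice:
            out.append(choice["expression"])
        else:
            lic = choice.get("license", {})
            out.append(lic.get("id") or lic.get("name") or "<unspecified>")
    return out


if __name__ == "__main__":
    for problem in check_requirement_bom(SAMPLE_BOM):
        print("PROBLEM:", problem)
    print("declared licenses:", declared_licenses(SAMPLE_BOM))
```

Running the check in CI for each `*.cdx.json` in a pull request catches broken references before the feed publishes them; `declared_licenses` gives a consumer the list to review before redistributing a standard, as the section above asks.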