From JSON to XML: Transforming SBOMs for Enhanced Software Insights through cyclonedx-cli tool

2 min readNov 13, 2023

In the evolving landscape of software development, the need for transparency and interoperability has never been more crucial than before. A software bill of material (SBOM) is a comprehensive inventory of a software application’s components. As organizations strive to enhance their understanding of software supply chains, the ability to convert SBOM formats becomes a pivotal aspect. In this blog post, we delve into the world of converting SBOMs, specifically transitioning from the widely used JSON format to the versatile XML.

CycloneDX is a lightweight software bill of materials (SBOM) standard for application security contexts and supply chain component analysis. It produces a standard way of describing components, their dependencies, and how they are assembled in a software application.

The CycloneDX CLI tool currently supports BOM analysis, modification, diffing, merging, format conversion, signing, and verification.

Command:

cyclonedx-cli convert — input-file sbom.json — output-file sbom.xml

This work has been supported in part by the Energy Transition Fund of the FPS Economy of Belgium through the CYPRESS project, and in part by the VLAIO COOCK program through the IIoT-SBOM project.

Thanks for reading.

Can Özkan

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Cyclonedx

Sbom

Written by Can Özkan

15 Followers

1 Following

Security Researcher, Penetration Tester, and Reverse Engineer

No responses yet

Write a response

What are your thoughts?

Also publish to my profile

More from Can Özkan

Can Özkan

InsecureBankv2.apk Android Walkthrough

In this blog post, I’ll embark on a comprehensive walkthrough of the InsecureBankv2 Android application, a purposely vulnerable app…

Nov 5, 2023

Damn Insecure Vulnerable Application (diva.apk) Walkthrough

Can Özkan

Damn Insecure Vulnerable Application (diva.apk) Walkthrough

Diva (Damn Insecure and Vulnerable Application), which is a deliberately insecure Android application designed for educational and testing…

Nov 5, 2023

How to Root an Android Device — Google Pixel 5

Can Özkan

How to Root an Android Device — Google Pixel 5

Rooting an Android device, such as your Google Pixel 5, can provide you with elevated privileges and more control over the device’s…

Nov 7, 2023

How to Consume an SBOM through OWASP Dependency Tracker

Can Özkan

How to Consume an SBOM through OWASP Dependency Tracker

In the dynamic landscape of modern software development, transparency, security, and accountability have become paramount. To address these…

Nov 6, 2023

See all from Can Özkan

Recommended from Medium

The 5 paid subscriptions I actually use in 2025 as a Staff Software Engineer

Level Up Coding

Jacob Bennett

The 5 paid subscriptions I actually use in 2025 as a Staff Software Engineer

Tools I use that are cheaper than Netflix

Jan 7

10.7K

261

Dependency-Track: First Steps into SBOM Analysis and Vulnerability Management

Dev Genius

Kostiantyn Illienko

Dependency-Track: First Steps into SBOM Analysis and Vulnerability Management

In today’s complex software landscape, understanding and managing software dependencies is critical to ensuring the security and…

Oct 13, 2024

Lists

Staff picks

827 stories1648 saves

Stories to Help You Level-Up at Work

19 stories948 saves

Self-Improvement 101

20 stories3355 saves

Productivity 101

20 stories2821 saves

How I Am Using a Lifetime 100% Free Server

Harendra

How I Am Using a Lifetime 100% Free Server

Get a server with 24 GB RAM + 4 CPU + 200 GB Storage + Always Free

Oct 26, 2024

9.4K

171

Mr.Research

Fundamentals of Python:

Python is high-level, interpreted, and general-purpose programming language known for its simplicity & readability.

Feb 11

CodeX

AI Rabbit

Goodbye Obsidian

Feb 6

1.1K

InfoSec Write-ups

loyalonlytoday

Finding the origin IP part 2

Learn a few techniques to find the origin IP

Mar 6

See more recommendations

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams