.. _cdx:

*********
CycloneDX
*********

The CycloneDX specification is initiated by `OWASP <https://owasp.org>`_ and is focused on creating security context. It allows identifying known vulnerabilities in components using `CPE <https://nvd.nist.gov/products/cpe>`_, `SWID <https://nvd.nist.gov/products/swid>`_, and `PURL <https://github.com/package-url/purl-spec>`_ fields.

For more detail, please see the `OWASP Vulnerability Naming Schemes <https://owasp.org/www-project-web-security-testing-guide/latest/5-Reporting/02-Naming_Schemes>`_ and `CycloneDX <https://cyclonedx.org>`_ official documentation.