diff --git a/pkg/sbom/cyclonedx/testdata/happy/third-party-bom.json b/pkg/sbom/cyclonedx/testdata/happy/third-party-bom.json
index d8b5068f5cc0..281d3c4fcc30 100644
--- a/pkg/sbom/cyclonedx/testdata/happy/third-party-bom.json
+++ b/pkg/sbom/cyclonedx/testdata/happy/third-party-bom.json
@@ -46,7 +46,7 @@
     },
     {
       "bom-ref": "pkg:composer/pear/pear_exception@v1.0.0",
-      "type": "library",
+      "type": "framework",
       "name": "pear/pear_exception",
       "version": "v1.0.0",
       "purl": "pkg:composer/pear/pear_exception@v1.0.0"
diff --git a/pkg/sbom/cyclonedx/unmarshal.go b/pkg/sbom/cyclonedx/unmarshal.go
index 71a0ee27b640..de410d008794 100644
--- a/pkg/sbom/cyclonedx/unmarshal.go
+++ b/pkg/sbom/cyclonedx/unmarshal.go
@@ -166,7 +166,10 @@ func (b *BOM) unmarshalType(t cdx.ComponentType) (core.ComponentType, error) {
 		ctype = core.TypeContainerImage
 	case cdx.ComponentTypeApplication:
 		ctype = core.TypeApplication
-	case cdx.ComponentTypeLibrary:
+	// There are not many differences between a `library` and a `framework` components, and sometimes it is difficult to choose the right type.
+	// That is why some users choose `framework` type.
+	// So we should parse and scan `framework` components as libraries.
+	case cdx.ComponentTypeLibrary, cdx.ComponentTypeFramework:
 		ctype = core.TypeLibrary
 	case cdx.ComponentTypeOS:
 		ctype = core.TypeOS