Skip to content
/ standard-bom-java Public

A Java library for creating and consuming SBOMs in Standard BOM format

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

siemens/standard-bom-java

BranchesTags

Repository files navigation

build codecov Maven Central

Standard BOM for Java

A Java library for creating and consuming documents in standard-bom format. "Standard BOM" is our Siemens-internal SBOM format. Every Standard BOM document is a 100% CycloneDX document, so consumers who do not know about Stanard BOM can just treat it as CycloneDX and be happy.

Build script config

In order to use the Java library in your project, add it to your Gradle or Maven build. We publish on Maven Central, so no special configuration is needed.

Gradle

dependencies {
    implementation 'com.siemens.sbom.standardbom:standard-bom:4.1.2'
}

Maven

<dependency>
    <groupId>com.siemens.sbom.standardbom</groupId>
    <artifactId>standard-bom</artifactId>
    <version>4.1.2</version>
</dependency>

Usage

The API is described in detail in the Javadoc documentation.

Here are some examples:

  • Read a Standard BOM from an input stream: 
    StandardBom bom = null;
try (InputStream is = getClass().getResourceAsStream("standard-bom.json")) {
    bom = new StandardBomParser().parse(is);
}
  • Read a Standard BOM from a file: 
    File bomFile = new File("/path/to/standard-bom.json");
StandardBom bom = new StandardBomParser().parse(bomFile);

The StandardBomParser will handle the format of the JSON file. If it is older than the current format, it will convert it to the current DTOs. Using the StandardBomParser, you always get the current DTOs. If the input file is too old, a StandardBomException will result.

  • Write a Standard BOM to a file: 
    StandardBom bom = ...;
File outputFile = new File("/path/to/standard-bom.json");
new StandardBomParser().save(bom, outputFile);
  • Write a Standard BOM to a String: 
    StandardBom bom = ...;
String json = new StandardBomParser().stringify(bom);

The output format will always be the current version of the format.

Development

In order to build this library on your local PC, and/or contribute to this library, mind the following prerequisites:

  1. Java - make sure JDK 8 is available on your system, and the JAVA_HOME environment variable points to it.

  2. Gradle environment variable - GRADLE_USER_HOME should be set globally to a directory like C:/Users/xxxx/.gradle (xxxx being your user ID; you might want to use backslashes on Windows). Create the directory if it doesn't exist.
    Note that you must not install Gradle manually. If you have a manual Gradle installation on your machine, remove it.

Run the build by executing

./gradlew clean build

License

The Standard BOM library for Java is Open Source under the MIT license (SPDX-License-Identifier: MIT).

Copyright (c) Siemens AG 2019-2025 ALL RIGHTS RESERVED

About

A Java library for creating and consuming SBOMs in Standard BOM format

Topics

java java-library bill-of-materials software-bill-of-materials sbom cyclonedx sbom-generator sbom-parser cyclonedx-sbom

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

6 watching

Forks

0 forks
Report repository

Releases 1

v4.1.2 Latest
Mar 6, 2025

Contributors 2

Languages