Skip to main content
SCANOSS supports generating Software Bill of Materials (SBOMs) in multiple industry-standard formats, enabling integration with a wide range of tools and workflows. SBOM generation is available via the command-line interface, desktop application, and CI/CD pipeline integrations.

Supported Formats

The following SBOM formats are supported across all SCANOSS tooling:
  • CycloneDX — Industry-standard format for software supply chain component analysis.
  • SPDX Lite — A lightweight variant of the Software Package Data Exchange (SPDX) standard.
  • Plain JSON — Raw SCANOSS scan output in JSON format. This reflects the native structure of SCANOSS scan results and is not tied to an external schema.
  • CSV — Tabular format suitable for reporting pipelines, data processing, or spreadsheet analysis.