Working with CycloneDX and Tidelift

Tidelift accepts CycloneDX formatted software bills of materials (SBOMs). This lets you import SBOMs generated by third-party tools or supplied by your vendors, and centralizing them in Tidelift gives you one place to understand and track your organization's software usage and risk.

A CycloneDX SBOM can be uploaded into Tidelift by doing either of the following:

  • Performing an alignment in a directory containing a CycloneDX formatted SBOM with the Tidelift CLI
  • Uploading a CycloneDX formatted SBOM into Tidelift via the Tidelift UI

Generating a CycloneDX formatted SBOM with Syft (for example from a Docker image)

Syft, Anchore's open-source SBOM generator, can produce a CycloneDX file from a container image or from a source directory. This is also a simple way for a vendor to create a CycloneDX file to send to your team. See https://github.com/anchore/syft#getting-started

Uploading a CycloneDX formatted SBOM into the Tidelift UI

If you are not using the CLI, you can upload a CycloneDX file (cyclonedx.json or cyclonedx.xml) directly through the UI:

  1. Sign into Tidelift and click on Projects
  2. On the Projects page, select Create new project in the righthand corner
  3. Name your project and select Next (Note: the SBOM file you upload must be named exactly cyclonedx.json or cyclonedx.xml; Tidelift does not recognize CycloneDX files under any other name)
  4. In the dialog that opens, upload your CycloneDX formatted SBOM via the Upload files button
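The naming rule above is easy to get wrong, and a file that is named correctly can still be something other than CycloneDX (for example an SPDX document written to cyclonedx.json). The following pre-upload check is an added example, not Tidelift or Syft code. It assumes the file-name rule from this article and the public CycloneDX schema (JSON documents carry "bomFormat": "CycloneDX" and "specVersion"; XML documents have a root bom element in the http://cyclonedx.org/schema/bom/<version> namespace). The sample SBOMs it checks are constructed inline, and the helper names check_sbom and demo are this example's own. To produce a real file to feed it, Syft's documented output formats are used, for example `syft <image> -o cyclonedx-json > cyclonedx.json`.

```python
"""Pre-upload sanity check for a CycloneDX SBOM destined for Tidelift.

Added example (not Tidelift or Syft code). Assumptions: the uploaded file
must be named exactly cyclonedx.json or cyclonedx.xml (from the article),
and the document must follow the public CycloneDX schema.
"""
import json
import pathlib
import tempfile
import xml.etree.ElementTree as ET

ALLOWED_NAMES = {"cyclonedx.json", "cyclonedx.xml"}
CDX_NS_PREFIX = "http://cyclonedx.org/schema/bom/"


def check_sbom(path):
    """Return a summary of a file Tidelift would accept, or raise ValueError.

    The summary reports the format, the CycloneDX spec version, and how many
    components were found and how many of those carry a purl (a component
    without a purl cannot be matched to a package in a catalog).
    """
    p = pathlib.Path(path)
    if p.name not in ALLOWED_NAMES:
        raise ValueError(f"{p.name!r} must be named exactly cyclonedx.json or cyclonedx.xml")

    if p.suffix == ".json":
        doc = json.loads(p.read_text(encoding="utf-8"))
        if doc.get("bomFormat") != "CycloneDX":
            raise ValueError("JSON document is not a CycloneDX BOM (bomFormat missing or wrong)")
        spec = doc.get("specVersion")
        components = doc.get("components") or []
        purls = [c.get("purl") for c in components if c.get("purl")]
    else:
        root = ET.parse(p).getroot()
        # ElementTree renders the namespaced root as "{<namespace>}bom".
        if not (root.tag.startswith("{" + CDX_NS_PREFIX) and root.tag.endswith("}bom")):
            raise ValueError("XML root is not a CycloneDX <bom> element")
        ns = root.tag[1:root.tag.index("}")]
        spec = ns[len(CDX_NS_PREFIX):]  # the namespace ends with the spec version
        components = root.findall(f"{{{ns}}}components/{{{ns}}}component")
        purls = [u for u in (c.findtext(f"{{{ns}}}purl") for c in components) if u]

    if not spec:
        raise ValueError("specVersion missing")
    return {
        "format": p.suffix.lstrip("."),
        "spec_version": spec,
        "component_count": len(components),
        "purl_count": len(purls),
    }


# Constructed sample documents (not real project output).
SAMPLE_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "components": [
        {"type": "library", "name": "requests", "version": "2.28.1",
         "purl": "pkg:pypi/requests@2.28.1"},
        {"type": "library", "name": "internal-util", "version": "0.1.0"},  # no purl
    ],
})

SAMPLE_XML = """<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
  <components>
    <component type="library">
      <name>lodash</name>
      <version>4.17.21</version>
      <purl>pkg:npm/lodash@4.17.21</purl>
    </component>
  </components>
</bom>
"""

SAMPLE_SPDX_JSON = json.dumps({"spdxVersion": "SPDX-2.3", "packages": []})


def demo():
    """Write the constructed samples to a temp dir and check each; return the outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        base = pathlib.Path(d)
        (base / "cyclonedx.json").write_text(SAMPLE_JSON, encoding="utf-8")
        (base / "cyclonedx.xml").write_text(SAMPLE_XML, encoding="utf-8")
        (base / "sbom.json").write_text(SAMPLE_JSON, encoding="utf-8")  # wrong name
        other = base / "other"
        other.mkdir()
        (other / "cyclonedx.json").write_text(SAMPLE_SPDX_JSON, encoding="utf-8")  # wrong format

        results["json"] = check_sbom(base / "cyclonedx.json")
        results["xml"] = check_sbom(base / "cyclonedx.xml")
        for key, target in (("misnamed", base / "sbom.json"), ("not_cyclonedx", other / "cyclonedx.json")):
            try:
                check_sbom(target)
                results[key] = "accepted"
            except ValueError as exc:
                results[key] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Run check_sbom against the file you are about to upload; a ValueError tells you exactly which of the two requirements (name or format) the file fails, and the summary's purl_count is a quick signal of how many entries Tidelift will actually be able to match against its package catalog.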

