cyclonedx-bom

v0.8.1 Growing

CycloneDX Software Bill of Materials Library

Apache-2.0 Edition 2021 MSRV 1.85.0

Encoding Parser implementations #dependencies#components#bom#owasp#sbom

GitHub ↗ crates.io ↗ Compare with…

Quick Verdict

✓Actively maintained (updated 67d ago)
!Pre-1.0: API may have breaking changes
✓Trusted by 220 crates
✓Permissive license (Apache-2.0)

Security

Checking security advisories...

Downloads

1.2M

Dependents

220

Releases

Size

189KB

Deep Insights

📊

Steady growth

247.5K downloads in the last 30 days (8.3K/day), up 14% from the previous period.

🔗

Moderate adoption

220 crates depend on cyclonedx-bom. Reasonable ecosystem adoption, though not yet a core dependency.

🔬

Pre-1.0 for over a year

Despite being 6+ years old, cyclonedx-bom hasn't reached 1.0 yet. Expect potential API changes between versions.

🌟

Used by top crates

Notable dependents include cargo-cyclonedx, libcnb, sbom-walker, uv-resolver, hipcheck. When high-quality crates choose cyclonedx-bom, it's a strong quality signal.

Health Breakdown

Maintenance 14/25

Recency, release consistency, active ratio

Quality 11/25

Yanked ratio, deps, size, maturity, features

Community 16/20

Reverse deps, ownership, ecosystem

Popularity 7/15

Downloads, momentum, growth trend

Documentation 12/15

Docs, repo, license, metadata

Download Trend

Daily downloads · last 90 days

7K/day avg+34%

Top Dependents

Most downloaded crates that depend on cyclonedx-bom

Version Adoption

v0.8.0

63%

v0.8.1

27%

v0.6.2

v0.7.0

v0.4.3

Release Timeline

10 releasessince 2022

2022

2023

2024

2025

2026

Less

README

Loading README...

Maintainers

Dependencies

direct dependencies