SBOM::CycloneDX - Perl extension for CycloneDX

Synopsis

my $bom = SBOM::CycloneDX->new;

my $root_component = SBOM::CycloneDX::Component->new(
    type     => 'application',
    name     => 'MyApp',
    licenses => [SBOM::CycloneDX::License->new('Artistic-2.0')],
    bom_ref  => 'MyApp'
);

my $metadata = $bom->metadata;

$metadata->tools->add(cyclonedx_tool);

$metadata->component($root_component);

my $component1 = SBOM::CycloneDX::Component->new(
    type     => 'library',
    name     => 'some-component',
    group    => 'acme',
    version  => '1.33.7-beta.1',
    licenses => [SBOM::CycloneDX::License->new(name => '(c) 2021 Acme inc.')],
    bom_ref  => '[email protected]',
    purl     => URI::PackageURL->new(
        type      => 'generic',
        namespace => 'acme',
        name      => 'some-component',
        version   => '1.33.7-beta.1'
    ),
);

$bom->components->add($component1);
$bom->add_dependency($root_component, [$component1]);

my $component2 = SBOM::CycloneDX::Component->new(
    type     => 'library',
    name     => 'some-library',
    licenses => [SBOM::CycloneDX::License->new(expression => 'GPL-3.0-only WITH Classpath-exception-2.0')],
    bom_ref  => 'some-lib',
);

$bom->components->add($component2);
$bom->add_dependency($root_component, [$component2]);

my @errors = $bom->validate;

if (@errors) {
    say $_ for (@errors);
    Carp::croak 'Validation error';
}

say $bom->to_string;

Install

Using Makefile.PL:

To install SBOM-CycloneDX distribution, run the following commands.

perl Makefile.PL
make
make test
make install

Using App::cpanminus:

cpanm SBOM::CycloneDX

Documentation

• perldoc SBOM::CycloneDX
• https://metacpan.org/release/SBOM-CycloneDX
• https://cyclonedx.org/

Copyright

• Copyright 2025 © Giuseppe Di Terlizzi