cyclonedx-python-lib has 29.8M monthly downloads and 113 GitHub stars. Version 11.11.0 supports Python <4.0,>=3.9, first published in 2021.
It is actively maintained under a permissive license, last released in Jun 2026.
It is built on top of license-expression, packageurl-python and py-serializable. It is used by 64 tracked packages, including pip-audit, checkov and cyclonedx-bom.
GitHub topics include owasp, bom and spdx.
Package Insights
((week_daily_avg - month_daily_avg) / month_daily_avg) * 100Weekly Downloads
GitHub Stars
Downloads by OS
Python Versions
Top Countries
Dependencies
- license-expression <31,>=30
- packageurl-python <2,>=0.11
- py-serializable <3.0.0,>=2.1.0
- sortedcontainers <3.0.0,>=2.4.0
- typing-extensions <5.0,>=4.6
3 optional dependencies
- jsonschema[validation]
- lxml[validation]
- referencing[validation]
Used By
- pip-audit
- checkov
- cyclonedx-bom
- jake
- scanoss
- cisco-aibom
- modelaudit
- agent-bom
- fosslight-util
- fluid-labels
- xyz-strata
- cyclonedx-editor-validator
- aisbom-cli
- imbi-api
- quirk-scanner
- odg-core-libs
- s1-shift-left-cli
- dfetch
- capycli
- scancodeio
- ossbom
- cyclonedx-buildroot
- ts-scan
- siemens-standard-bom
- surfactant
- mobster
- veritensor
- finite-state-sdk
- otupy
- ossprey
- pypi-tea
- venturalitica
- choppr
- fluid-sbom
- vilocify-sdk
- skillfortify
- ai-infrastructure-artifacts-repo
- vexy
- pacli-tool
- pqcheck
- sbomify-action
- ludvig
- idp-pip-audit
- it-depends
- cra-scanner
- sbomgrader
- cryptohound
- dt-sbom-scanner
- s1-cns-cli
- coreason-auditor