[FEATURE]: Standard grouping (CBOM related) #669

@stevespringett

There is a need to group cryptographic assets (possibly others) into a standard.

For example, the following can currently be represented:

  • Use of a cryptographic algorithm for encryption (e.g. AES-256)
  • Use of a cryptographic algorithm for signing (HS-256)
  • Use of a token defined in relatedCryptoMaterial

What cannot be represented is the overall "standard" that these are part of. In this case JOSE. The current workaround is to leverage CycloneDX Properties.

Grouping these together into a standard would provide much more context into how these three seemingly independent components are used.

This was discussed in the CycloneDX Cryptography Working Group call on 2025-08-07.

cc: @IanDeaks, @n1ckl0sk0rtge, @bhess
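As an added illustration (not code from the issue author or from the CycloneDX project), the following constructs a minimal CBOM in the CycloneDX 1.6 cryptographic-asset shape containing the three assets listed above (AES-256 for encryption, HS256 for signing, a token as related crypto material) and applies the Properties workaround the issue mentions. The property name `example:crypto-standard` is a hypothetical, unregistered choice, and the sample BOM is constructed for this example. A small helper then groups assets by that property, which also surfaces assets that nobody tagged:

```python
"""Added example: grouping CBOM cryptographic assets into a standard (JOSE)
via the CycloneDX Properties workaround described in the issue."""
import json
from collections import defaultdict

# Hypothetical grouping property (assumption): not a registered CycloneDX
# taxonomy name, just a convention producers and consumers must agree on.
STANDARD_PROPERTY = "example:crypto-standard"

# Constructed sample CBOM in CycloneDX 1.6 JSON shape (minimal fields only).
SAMPLE_CBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "version": 1,
    "components": [
        {   # algorithm used for content encryption
            "type": "cryptographic-asset",
            "bom-ref": "crypto/alg/aes-256-gcm",
            "name": "AES-256-GCM",
            "cryptoProperties": {
                "assetType": "algorithm",
                "algorithmProperties": {
                    "primitive": "ae",
                    "parameterSetIdentifier": "256",
                    "mode": "gcm",
                    "cryptoFunctions": ["encrypt", "decrypt"],
                },
            },
            "properties": [{"name": STANDARD_PROPERTY, "value": "JOSE"}],
        },
        {   # HMAC-SHA-256 used for signing (JWS alg HS256)
            "type": "cryptographic-asset",
            "bom-ref": "crypto/alg/hs256",
            "name": "HS256",
            "cryptoProperties": {
                "assetType": "algorithm",
                "algorithmProperties": {
                    "primitive": "mac",
                    "cryptoFunctions": ["sign", "verify"],
                },
            },
            "properties": [{"name": STANDARD_PROPERTY, "value": "JOSE"}],
        },
        {   # the token itself, modelled as related crypto material
            "type": "cryptographic-asset",
            "bom-ref": "crypto/material/jwt",
            "name": "JWT access token",
            "cryptoProperties": {
                "assetType": "related-crypto-material",
                "relatedCryptoMaterialProperties": {"type": "token"},
            },
            "properties": [{"name": STANDARD_PROPERTY, "value": "JOSE"}],
        },
        {   # an unrelated hash with no standard tag: the workaround does
            # not force anyone to classify it
            "type": "cryptographic-asset",
            "bom-ref": "crypto/alg/sha-256",
            "name": "SHA-256",
            "cryptoProperties": {
                "assetType": "algorithm",
                "algorithmProperties": {"primitive": "hash",
                                        "cryptoFunctions": ["digest"]},
            },
        },
        {   # ordinary library component; ignored by the grouping
            "type": "library",
            "bom-ref": "lib/example-jose-client",
            "name": "example-jose-client",
        },
    ],
}


def standard_of(component):
    """Return the standard a cryptographic asset is tagged with, or None."""
    for prop in component.get("properties", []):
        if prop.get("name") == STANDARD_PROPERTY:
            return prop.get("value")
    return None


def group_by_standard(bom):
    """Map standard name -> list of bom-refs of cryptographic assets.

    Assets carrying no grouping property land under '<unassigned>', which is
    the gap a reviewer would want to see: nothing in the schema ties them
    to a standard."""
    groups = defaultdict(list)
    for comp in bom.get("components", []):
        if comp.get("type") != "cryptographic-asset":
            continue
        groups[standard_of(comp) or "<unassigned>"].append(comp["bom-ref"])
    return dict(groups)


if __name__ == "__main__":
    print(json.dumps(group_by_standard(SAMPLE_CBOM), indent=2))
```

The grouping works only because every producer spelled the property name and the value "JOSE" identically; a consumer that does not know the convention sees three unrelated assets, which is the context loss the issue describes and the reason a first-class standard grouping is being proposed.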
