A Java library for creating and consuming documents in standard-bom format. "Standard BOM" is our Siemens-internal SBOM format. Every Standard BOM document is a 100% CycloneDX document, so consumers who do not know about Standard BOM can just treat it as CycloneDX and be happy.
In order to use the Java library in your project, add it to your Gradle or Maven build. We publish to Maven Central, so no special configuration is needed.
Gradle

```groovy
dependencies {
    implementation 'com.siemens.sbom.standardbom:standard-bom:4.2.1'
}
```

Maven

```xml
<dependency>
    <groupId>com.siemens.sbom.standardbom</groupId>
    <artifactId>standard-bom</artifactId>
    <version>4.2.1</version>
</dependency>
```

The API is described in detail in the Javadoc documentation.
Here are some examples:
- Read a Standard BOM from an input stream:

```java
StandardBom bom = null;
try (InputStream is = getClass().getResourceAsStream("standard-bom.json")) {
    bom = new StandardBomParser().parse(is);
}
```

- Read a Standard BOM from a file:

```java
File bomFile = new File("/path/to/standard-bom.json");
StandardBom bom = new StandardBomParser().parse(bomFile);
```

The StandardBomParser detects the format version of the JSON file. If the file is older than the current format, the parser converts it to the current DTOs, so with the StandardBomParser you always get the current DTOs. If the input file is too old to be converted, a StandardBomException results.

- Write a Standard BOM to a file:

```java
StandardBom bom = ...;
File outputFile = new File("/path/to/standard-bom.json");
new StandardBomParser().save(bom, outputFile);
```

- Write a Standard BOM to a String:

```java
StandardBom bom = ...;
String json = new StandardBomParser().stringify(bom);
```

The output format will always be the current version of the format.
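The snippets above combined into a small command-line tool that reads a possibly older Standard BOM file, lets the parser upgrade it to the current DTOs, and writes it back in the current format version, refusing inputs that are too old to convert. This is an added example, not code from the library or its README; the import package path is assumed from the Maven groupId and should be checked against the Javadoc.

```java
// Added example, not part of the standard-bom project. The package path of the
// imports is assumed from the groupId com.siemens.sbom.standardbom; verify it
// against the Javadoc before use.
import com.siemens.sbom.standardbom.StandardBom;
import com.siemens.sbom.standardbom.StandardBomException;
import com.siemens.sbom.standardbom.StandardBomParser;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;

public class NormalizeBom {

    /** Parse the input; older format versions are converted to the current DTOs. */
    static StandardBom readCurrent(File in) throws IOException, StandardBomException {
        try (InputStream is = Files.newInputStream(in.toPath())) {
            return new StandardBomParser().parse(is);
        }
    }

    public static void main(String[] args) throws IOException, StandardBomException {
        if (args.length != 2) {
            System.err.println("usage: NormalizeBom <input.json> <output.json>");
            System.exit(2);
        }
        File in = new File(args[0]);
        File out = new File(args[1]);
        StandardBomParser parser = new StandardBomParser();

        StandardBom bom;
        try {
            bom = readCurrent(in);
        } catch (StandardBomException e) {
            // The input format is too old to be converted: fail without writing a partial output.
            System.err.println("Cannot convert " + in + ": " + e.getMessage());
            System.exit(1);
            return;
        }

        // Whatever version came in, the parser always writes the current format version.
        parser.save(bom, out);
        String json = parser.stringify(bom);
        System.out.println("Wrote " + out + " in the current format (" + json.length() + " chars)");
    }
}
```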
In order to build this library on your local PC, and/or contribute to this library, mind the following prerequisites:

- Java - make sure both JDK 8 and JDK 17 are available on your system. The JAVA_HOME environment variable should point to JDK 17, because it is used by Gradle. JDK 8 is needed for compilation.
- Gradle - We use the Gradle Wrapper, so there is nothing to install.

Run the build by executing

```shell
./gradlew clean build
```
The Standard BOM library for Java is Open Source under the MIT license (SPDX-License-Identifier: MIT).
Copyright (c) Siemens AG 2019-2026 ALL RIGHTS RESERVED