#cyclone-dx #serde #sbom #serialization


Serde serialization for CycloneDx files

15 releases (8 breaking)

new 0.9.1 Jul 9, 2024
0.8.4 Jul 13, 2023
0.7.2 Jul 10, 2023

#882 in Encoding

Download history 423/week @ 2024-03-13 285/week @ 2024-03-20 280/week @ 2024-03-27 322/week @ 2024-04-03 425/week @ 2024-04-10 298/week @ 2024-04-17 292/week @ 2024-04-24 301/week @ 2024-05-01 317/week @ 2024-05-08 262/week @ 2024-05-15 297/week @ 2024-05-22 349/week @ 2024-05-29 405/week @ 2024-06-05 346/week @ 2024-06-12 223/week @ 2024-06-19 382/week @ 2024-06-26

1,446 downloads per month
Used in cargo-sbom

MIT license

106 lines

Workflow Status


This crate provides a type safe serde compatible CycloneDx format. It is intended for use in Rust code which may need to read or write CycloneDx files.

The latest documentation can be found here.

serde is a popular serialization framework for Rust. More information can be found on the official repository: https://github.com/serde-rs/serde

CycloneDx is an industry standard format for maintaining a Software Bill of Materials (SBOM). More information can be found on the official website: https://cyclonedx.org/.


For most cases, simply use the root cyclonedx::v_1_4::CycloneDx struct with [serde] to read and write to and from the struct.


use serde_cyclonedx::cyclonedx::v_1_4::CycloneDx;

let data = fs::read_to_string("sbom.cyclonedx.json");
let cyclonedx: CycloneDx = serde_json::from_str(&data).unwrap();

Because many of the cyclonedx::v_1_4::CycloneDx structures contain a lot of optional fields, it is often convenient to use the builder pattern to contstruct these structs. Each structure has a builder with a default.


use serde_cyclonedx::cyclonedx::v_1_4::CycloneDxBuilder;

let cyclonedx = CycloneDxBuilder::default()

Internal Implementation Details

The root struct is automatically generated from the parsed CycloneDX JSON schemas, this is done at build time (via the buildscript).

License: MIT


~46K SLoC