CycloneDX is a lightweight software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis.
Example with Anchore Grype:

    ./grype defectdojo/defectdojo-django:1.13.1 -o cyclonedx > report.xml

Example with cyclonedx-python (the cyclonedx-bom package on PyPI, which installs the cyclonedx-py command):

    pip install cyclonedx-bom

    Usage: cyclonedx-py [OPTIONS]
      -i <path> - the alternate filename to a frozen requirements.txt
      -o <path> - the bom file to create
      -j - generate JSON instead of XML
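As an added example (not code from DefectDojo, grype or cyclonedx-python), the Python script below reads a CycloneDX 1.4 XML BOM of the kind grype and other scanners emit and lists each vulnerability with its severity and affected component, a quick way to sanity-check a report.xml before importing it; the embedded BOM is a constructed sample with a placeholder purl and CVE id.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape a scanner emits (CycloneDX 1.4 XML with the
# core <vulnerabilities> element); the purl and the CVE id are placeholders.
SAMPLE_BOM = """<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
  <components>
    <component type="library" bom-ref="pkg:pypi/example-lib@1.0.0">
      <name>example-lib</name><version>1.0.0</version>
      <purl>pkg:pypi/example-lib@1.0.0</purl>
    </component>
  </components>
  <vulnerabilities>
    <vulnerability bom-ref="vuln-1">
      <id>CVE-0000-00001</id>
      <ratings><rating><severity>high</severity></rating></ratings>
      <affects><target><ref>pkg:pypi/example-lib@1.0.0</ref></target></affects>
    </vulnerability>
  </vulnerabilities>
</bom>
"""

def parse_bom(xml_text):
    """Return (components, findings): bom-ref -> 'name@version', and one dict
    per affected target with the vulnerability id, severity and component."""
    root = ET.fromstring(xml_text)
    # Take the namespace from the root tag so 1.3, 1.4 and 1.5 BOMs all parse.
    ns = root.tag[1:].split("}")[0] if root.tag.startswith("{") else ""

    def q(tag):  # qualify a local tag name with the BOM namespace
        return f"{{{ns}}}{tag}" if ns else tag

    components = {}
    for comp in root.iter(q("component")):
        ref = comp.get("bom-ref") or comp.findtext(q("purl"), "")
        components[ref] = f"{comp.findtext(q('name'), '')}@{comp.findtext(q('version'), '')}"
    findings = []
    for vuln in root.iter(q("vulnerability")):
        sev = vuln.findtext(f"{q('ratings')}/{q('rating')}/{q('severity')}", "unknown")
        for target in vuln.iterfind(f"{q('affects')}/{q('target')}/{q('ref')}"):
            findings.append({"id": vuln.findtext(q("id"), ""), "severity": sev.lower(),
                             "component": components.get(target.text, target.text)})
    return components, findings

if __name__ == "__main__":
    comps, vulns = parse_bom(SAMPLE_BOM)
    for f in vulns:
        print(f"{f['severity']:>8}  {f['id']}  {f['component']}")
```

Older CycloneDX 1.2/1.3 reports that carry findings in the separate vulnerability extension namespace are not handled by this parser.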
Sample Scan Data
Sample CycloneDX scans can be found here.