QCecuring - Enterprise Security Solutions

SPDX BOM Format

CBOM

QCecuring supports SPDX format for cryptographic asset documentation alongside CycloneDX CBOM output.

View docs

Overview

QCecuring supports the SPDX (Software Package Data Exchange) format for documenting cryptographic assets alongside its native CycloneDX CBOM support. This enables organizations using SPDX-based toolchains to incorporate cryptographic inventory data into their existing BOM workflows.

Key capabilities

  • Export cryptographic asset inventory in SPDX-compatible format.
  • Map cryptographic properties to SPDX security and licensing metadata.
  • Support for SPDX 2.3 and 3.0 formats.
  • Dual export capability — generate both CycloneDX CBOM and SPDX from the same discovery data.

Typical use cases

  • Organizations already using SPDX for software bill of materials who need to add crypto inventory.
  • Compliance programs requiring SPDX-formatted documentation for regulatory submissions.
  • Supply chain security programs that standardize on SPDX across vendors.

High-level integration flow

  1. QCecuring discovers cryptographic assets using its scanning modules.
  2. Assets are mapped to SPDX-compatible data structures.
  3. SPDX documents are generated alongside CycloneDX CBOM output.
  4. Both formats can be published to artifact repositories or compliance systems.

Need help integrating QCecuring with SPDX BOM Format?

Talk to an Engineer ← All Integrations

Ready to Secure Your Enterprise?

Experience how our cryptographic solutions simplify, centralize, and automate identity management for your entire organization.

Request a Demo Talk to Sales

Stay ahead on cryptography & PKI

Get monthly insights on certificate management, post-quantum readiness, and enterprise security. No spam.

We respect your privacy. Unsubscribe anytime.