Organizations can be attached to components as well as the SBOM itself using several roles (manufacturer, supplier, ...) in CycloneDX SBOMs.
The organization elements can be used as top-level elements and
be given an id so they can be later referred to via
the refid attribute -
see the
Ant manual.
| Attribute | Description | Required |
|---|---|---|
| name | The name of the organization. | No |
Nested url-resources
named url can be used to specify the URL(s) of the
organization.
Below is an organization that would describe the Ant dev team.
<cdx:organization
name="Apache Ant Development Team"
id="ant-team"
xmlns:cdx="antlib:org.apache.ant.cyclonedx">
<url url="https://ant.apache.org/"/>
</cdx:organization>