A Cryptographic Bill of Materials (CBOM) is a structured inventory of all cryptographic materials discovered within a scanned binary image. BTP generates CBOMs in CycloneDX JSON format - an open standard for describing software and cryptographic assets in supply chains.
What Is Included
A BTP-generated CBOM includes:
- Cryptographic algorithms - all detected implementations with class identifier, parameters, and location within the image
- Protocols - detected SSL/TLS protocol versions
- Certificates - X.509 certificates with issuer, subject, validity period, signature algorithm, and key parameters
- Keys - cryptographic key material with key type and size
- Component references - binary component within the image where each material was found
Generating a CBOM
Download the CBOM
Click the CBOM feature tag in the image grid row, or open the action menu and select Download CBOM.
From the image detail view, Download CBOM is also available in the action menu.
Relationship to SBOM
The CBOM complements the SBOM by focusing on cryptographic materials rather than software components:
| | SBOM | CBOM |
|---|---|---|
| Tracks | Libraries, packages, dependencies | Algorithms, certificates, keys |
| Format | CycloneDX or SPDX | CycloneDX |
| Use case | Software composition analysis | Cryptographic compliance and PQC readiness |
Post-Quantum Readiness
The CBOM provides an inventory of quantum-vulnerable algorithms (RSA, ECDSA, DSA, ECDH) for migration planning per NIST IR 8547. For compliance-focused reporting with per-algorithm migration guidance, see the PQC Compliance Report.
Programmatic Access
- CBOM Report API - Endpoint reference
- Compliance Artifacts - Automation scripts
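
An added example (not BTP's own code) of the inventory described under Post-Quantum Readiness: it filters a downloaded CycloneDX CBOM for algorithm assets in the RSA, ECDSA, DSA and ECDH families. The sample document is constructed, and the field names (`cryptoProperties`, `assetType`, `algorithmProperties`, `evidence.occurrences`) come from the CycloneDX 1.6 schema on the assumption that BTP populates them.

```python
import json
import re

# Families this page lists as quantum-vulnerable.
QUANTUM_VULNERABLE = ("RSA", "ECDSA", "DSA", "ECDH")
# Longer names come first so ML-DSA, SLH-DSA or EdDSA is never reported as plain DSA.
_FAMILY = re.compile(r"ML-?DSA|SLH-?DSA|EDDSA|ECDSA|ECDH|RSA|DSA")

# Constructed sample, not real BTP output. Field names follow the CycloneDX 1.6
# cryptographic-asset schema; which of them BTP populates is an assumption.
SAMPLE_CBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.6", "components": [
  {"type": "cryptographic-asset", "name": "RSA-2048",
   "cryptoProperties": {"assetType": "algorithm",
                        "algorithmProperties": {"parameterSetIdentifier": "2048"}},
   "evidence": {"occurrences": [{"location": "/usr/lib/libexample.so"}]}},
  {"type": "cryptographic-asset", "name": "ML-DSA-65",
   "cryptoProperties": {"assetType": "algorithm"}},
  {"type": "cryptographic-asset", "name": "example RSA certificate",
   "cryptoProperties": {"assetType": "certificate"}},
  {"type": "library", "name": "libexample", "components": [
    {"type": "cryptographic-asset", "name": "ecdsa-with-SHA256",
     "cryptoProperties": {"assetType": "algorithm"}}]}
]}
""")

def classify(name):
    """Return the page-listed family named in `name`, or None."""
    match = _FAMILY.search(name.upper())
    return match.group(0) if match and match.group(0) in QUANTUM_VULNERABLE else None

def walk(components):
    for comp in components or []:
        yield comp
        yield from walk(comp.get("components"))  # nested components, if any

def quantum_vulnerable_assets(cbom):
    """List algorithm assets whose name matches a quantum-vulnerable family."""
    findings = []
    for comp in walk(cbom.get("components")):
        props = comp.get("cryptoProperties") or {}
        family = classify(comp.get("name", ""))
        if props.get("assetType") != "algorithm" or family is None:
            continue
        params = (props.get("algorithmProperties") or {}).get("parameterSetIdentifier")
        occurrences = (comp.get("evidence") or {}).get("occurrences") or []
        findings.append({"family": family, "name": comp["name"], "parameters": params,
                         "locations": [o.get("location") for o in occurrences]})
    return sorted(findings, key=lambda f: (f["family"], f["name"]))
```

Matching is by asset name only, so an algorithm whose name does not spell out its family is not reported.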