Path:
Home >
GB/T >
Page736 > GB/T 47020-2026
Price & Delivery
US$719.00 · In stock · Download in 9 secondsGB/T 47020-2026: Cybersecurity technology - Data format of software bill of materials
Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See
step-by-step procedureStatus: Valid
| Std ID | Version | USD | Buy | Deliver [PDF] in | Title (Description) |
| GB/T 47020-2026 | English | 719 |
Add to Cart
|
5 days [Need to translate]
|
Cybersecurity technology - Data format of software bill of materials
|
Click to Preview a similar PDF
Basic data
| Standard ID | GB/T 47020-2026 (GB/T47020-2026) |
| Description (Translated English) | Cybersecurity technology - Data format of software bill of materials |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L80 |
| Classification of International Standard | 35.030 |
| Date of Issue | 2026-01-28 |
| Date of Implementation | 2026-08-01 |
GB/T 47020-2026: Cybersecurity technology - Data format of software bill of materials
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS 35.030
CCSL80
National Standards of the People's Republic of China
Cybersecurity technology software bill of materials data format
Published on 2026-01-28
Implemented on August 1, 2026
State Administration for Market Regulation
The State Administration for Standardization issued a statement.
Table of contents
Preface III
1.Scope 1
2 Normative References 1
3.Terms and Definitions 1
4.Abbreviations 2
5.Composition of the Software Bill of Materials 2
6.Software Bill of Materials (BOM) file format requirements 3
7.Software Bill of Materials Elements 3
Appendix A (Informative) Required Elements and Fields for Software Bill of Materials 19
Appendix B (Informative) Example Reference for Software Bill of Materials 21
References 30
Foreword
This document complies with the provisions of GB/T 1.1-2020 "Standardization Work Guidelines Part 1.Structure and Drafting Rules of Standardization Documents".
Drafting.
Please note that some content in this document may involve patents. The issuing organization of this document assumes no responsibility for identifying patents.
This document was proposed and is under the jurisdiction of the National Cybersecurity Standardization Technical Committee (SAC/TC260).
This document was drafted by. Information Center of the Ministry of Water Resources, Information Center of the National Energy Administration, Institute of Information Engineering of the Chinese Academy of Sciences, and China Southern Power Grid.
Digital China Networks Group Information and Communication Technology Co., Ltd., Xi'an Jiaotong University, China Electronics Technology Standardization Institute, China Academy of Railway Sciences
The Group's Electronic Computing Technology Research Institute, Hangzhou Moan Technology Co., Ltd., China Academy of Information and Communications Technology, and Tianyi Security Technology Co., Ltd.
The company, Huawei Technologies Co., Ltd., JD Technology Information Technology Co., Ltd., Alibaba Cloud Computing Co., Ltd., and Shenzhou Netcom Technology Co., Ltd.
Sangfor Technologies Inc., Ant Group Corporation, Guangxi Power Grid Co., Ltd., and China Construction Bank Corporation
Limited Liability Company, Soft Security Technology Co., Ltd., Hangzhou Xiaodao Technology Co., Ltd., Shenzhen Open Source Internet Security Technology Co., Ltd., Hangzhou Anheng Information
Technology Co., Ltd., National Computer Network Emergency Response Technical Team/Coordination Center, Zhejiang Provincial Water Resources Information and Publicity Center, Beijing Topsec.com
Network Security Technology Co., Ltd., ZTE Corporation, China South-to-North Water Diversion Group East Route Co., Ltd., China Software Testing Center
Chongqing Changan Automobile Co., Ltd., Yangtze River Water Resources Commission Network and Information Center, Kylin Software Co., Ltd., and Qi An Xin Wang Shen Information Technology Co., Ltd.
Technology (Beijing) Co., Ltd., State Grid Siji Network Security Technology (Beijing) Co., Ltd., National Information Technology Security Research Center, China Southern Power Grid Technology
The Institute of Science and Technology Co., Ltd., the Haihe River Water Conservancy Commission of the Ministry of Water Resources, and Suzhou Prism Colorful Information Technology Co., Ltd.
The main drafters of this document are. Fu Jing, Zhan Quanzhong, Shen Zhibin, Zhang Chao, Zou Xi, Dai Yicong, Wu Tong, Liu Yuling, Jiang Zhengwei, Yao Yepeng, and Fan Zijing.
Liu Jiahao, Wang Haijun, Liu Ting, Yao Xiangzhen, Wang Huili, Zhang Weilun, He Juan, Shen Xiyong, Meng Jin, Man Hongpeng, Lin Qian, Li Wei, Guo Xue, Wu Jiangwei
Fang Yu, Liang Wei, Chen Kuiqiang, Liu Haijun, Zheng Weina, Tian Kai, Fang Qiang, Niu Mingzhu, Kong Yong, Bai Xiaoyuan, Cheng Yan, Xie Ming, Zeng Mingfei, Chen Defeng
Wu Meng, Zhu Hui, Wu Juhua, Xu Feng, Fan Binghua, Wang Jie, Wang Jie, Shen Rongya, Wang Huibo, Lin Xingchen, Wei Jie, Luo Xiaolong, Kou Zengjie, Zhang Jinxin
Yin Lingling, Yang Xu, Wang Xinlei, Yuan Wei, Sun Kangjian, Li Peng, Deng Ye, Li Xin, Wang Zhen, Dong Guowei, Zhang Chunguang, Li Zhiqi, Zhang Zhijun, Liu Hongyun
Xu Chuanmao, Du Jinran, Zong Huali, Liang Dagong, Huang Haodong.
Cybersecurity technology software bill of materials data format
1 Scope
This document specifies the data format for the software bill of materials (BOM), including the composition of the software BOM, the file format requirements for the software BOM, and the software...
Bill of Materials elements, as well as the attributes and attribute value formats of each element in the software bill of materials.
This document is intended to guide stakeholders in the software supply chain in generating, sharing, and using software bill of materials information.
2 Normative references
The contents of the following documents, through normative references within the text, constitute essential provisions of this document. Dated citations are not included.
For references to documents, only the version corresponding to that date applies to this document; for undated references, the latest version (including all amendments) applies.
This document.
GB/T 25069-2022 Terminology for Information Security Technologies
3 Terms and Definitions
The terms and definitions defined in GB/T 25069-2022, as well as the following terms and definitions, apply to this document.
3.1
software products
Software embedded in computer software, information systems, or devices provided to users, or software used in the provision of computer information system integration and application services.
Computer software provided during technical services.
[Source. GB/T 36475-2018, 3.1.1]
3.2
A list of all components, files, and open-source code snippets included in the software, as well as internal and external dependencies and security information.
describe.
Note. The software bill of materials includes basic software information, software composition information, external dependency information, security information, and signature information.
[Source. GB/T 43698-2024, 3.8, with modifications]
3.3
Application services that are not inherent to the software itself and provide the necessary functions for the software to run via the network.
Note. External network services include domain name services, CDN services, email sending, SMS sending, push notifications, payment interfaces, and other services.
3.4
artifact
A physical component of information used or generated by a software development or maintenance process.
Note. Instances of artifacts include models, source files, text files, and binary executables. Artifacts constitute the implementation of deployable components.
[Source. GB/T 42560-2023, 3.1.1]
...
