ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

SBOM-EDI

The structured inventory of software dependencies — Executive Order 14028 requirement.

Definition

Mandated by Executive Order 14028 (Biden, May 2021) for any software bought by the US government. Recognised formats: SPDX 2.3 (ISO/IEC 5962:2021), CycloneDX 1.5 (OWASP), SWID (ISO/IEC 19770-2). For an EDI vendor, CI SBOM generation on every build, Grype/Trivy vulnerability scan, Sigstore signing.

Origin

Old concept (RPM/DEB metadata from the 1990s) formalised by NTIA in 2020-2021.

Example in context

An EDIFACT translator published with a CycloneDX SBOM listing its 247 Maven dependencies.

Last updated: May 14, 2026