🗓️ 10 Apr 2026  
SPDX (Software Package Data Exchange) and CycloneDX are industry-standard formats for encoding Software Bills of Materials (SBOMs). SPDX, managed by the Linux Foundation, is primarily focused on software license compliance and documentation. CycloneDX, developed by the OWASP Foundation, emphasizes security, vulnerability tracking, and risk analysis. Both formats help organizations identify, manage, and mitigate risks associated with third-party components in software supply chains. By providing structured, machine-readable information about software components, their origins, and associated metadata, SPDX and CycloneDX support transparency, regulatory compliance, and improved security posture in modern software development and deployment processes.
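To show what "structured, machine-readable" means in practice, the following added example (not part of the original page) normalises a component from each format into one inventory record. The sample documents and the `libexample` package are constructed; the code assumes the JSON serialisations, SPDX 2.x, and top-level CycloneDX components only.

```python
import json

# Constructed samples: one hypothetical component, "libexample" 1.2.3, in each format.
CYCLONEDX_DOC = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [{
        "type": "library", "name": "libexample", "version": "1.2.3",
        "purl": "pkg:pypi/libexample@1.2.3",
        "licenses": [{"license": {"id": "MIT"}}],
    }],
})
SPDX_DOC = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT",
    "packages": [{
        "SPDXID": "SPDXRef-Package-libexample", "name": "libexample",
        "versionInfo": "1.2.3", "licenseConcluded": "MIT",
        "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                          "referenceLocator": "pkg:pypi/libexample@1.2.3"}],
    }],
})

def _cdx_licenses(comp):
    # CycloneDX entries are {"license": {"id" or "name"}} or {"expression": ...}.
    found = [(e.get("license") or {}).get("id") or (e.get("license") or {}).get("name")
             or e.get("expression") for e in comp.get("licenses", [])]
    return [f for f in found if f]

def _spdx_purl(pkg):
    # SPDX 2.x carries the package URL as an external reference, not a top-level field.
    for ref in pkg.get("externalRefs", []):
        if ref.get("referenceType") == "purl":
            return ref.get("referenceLocator")
    return None

def inventory(raw):
    """Return (format, components) for a CycloneDX or SPDX 2.x JSON SBOM."""
    doc = json.loads(raw)
    if doc.get("bomFormat") == "CycloneDX":
        return "CycloneDX", [
            {"name": c.get("name"), "version": c.get("version"),
             "purl": c.get("purl"), "licenses": _cdx_licenses(c)}
            for c in doc.get("components", [])]
    if str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        return "SPDX", [
            {"name": p.get("name"), "version": p.get("versionInfo"), "purl": _spdx_purl(p),
             "licenses": [l for l in [p.get("licenseConcluded")]
                          if l and l not in ("NOASSERTION", "NONE")]}
            for p in doc.get("packages", [])]
    raise ValueError("not a recognised CycloneDX or SPDX 2.x JSON SBOM")
```

Both sample documents reduce to the same record, which is the property that lets one vulnerability or license check run over SBOMs from either toolchain.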