diff --git a/in_toto/model.go b/in_toto/model.go
index 9a5fa433..25e12c03 100644
--- a/in_toto/model.go
+++ b/in_toto/model.go
@@ -79,6 +79,8 @@ const (
 	// The SPDX mandates 'spdxVersion' field, so predicate type can omit
 	// version.
 	PredicateSPDX = "https://spdx.dev/Document"
+	// PredicateCycloneDX represents a CycloneDX SBOM
+	PredicateCycloneDX = "https://cyclonedx.org/schema"
 	// PredicateLinkV1 represents an in-toto 0.9 link.
 	PredicateLinkV1 = "https://in-toto.io/Link/v1"
 )
@@ -1008,6 +1010,16 @@ type SPDXStatement struct {
 	Predicate interface{} `json:"predicate"`
 }
 
+/*
+CycloneDXStatement defines a cyclonedx sbom in the predicate. It is not
+currently serialized just as its SPDX counterpart. It is an empty
+interface, like the generic Statement.
+*/
+type CycloneDXStatement struct {
+	StatementHeader
+	Predicate interface{} `json:"predicate"`
+}
+
 /*
 DSSESigner provides signature generation and validation based on the
 SSL Signing Spec: https://github.com/secure-systems-lab/signing-spec
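Review bot: The URI assigned on the added `PredicateCycloneDX` line should be checked against the in-toto attestation predicate registry before this lands; as far as I recall the registered CycloneDX predicate type is `https://cyclonedx.org/bom` rather than a schema URL, and verifiers and policy engines match statements on this exact string, so an unregistered value would make every CycloneDX statement this library emits go unrecognized (or be silently skipped) by spec-conforming consumers. If the registry value is confirmed, the line becomes `PredicateCycloneDX = "https://cyclonedx.org/bom"`. The doc comment should also end in a period and, to mirror the SPDX comment directly above it, say why no version is encoded in the type, presumably because the BOM carries its own spec version field: `// PredicateCycloneDX represents a CycloneDX SBOM; the BOM carries its own 'specVersion', so the predicate type omits a version.` The enclosing const block begins before this hunk.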
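Review bot: `CycloneDXStatement.Predicate` is an untyped `interface{}`, so unmarshalling an envelope into this struct accepts any predicate body regardless of its `predicateType`; nothing in the hunk ties the struct to `PredicateCycloneDX`, so a consumer must still compare `StatementHeader.PredicateType` against that constant before treating the predicate as a BOM (that check may already exist elsewhere in the file, but it is not visible here). The caveat belongs in the doc comment, whose current wording ("It is not currently serialized just as its SPDX counterpart") also reads as if the type is never serialized at all. Suggested comment: `CycloneDXStatement defines a CycloneDX SBOM in the predicate. As with its SPDX counterpart, the predicate is not typed: it is an empty interface, like the generic Statement, so callers must check PredicateType == PredicateCycloneDX before interpreting the predicate as a BOM.` `StatementHeader` and the surrounding statement types are defined outside this hunk.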