Skip to content
|
Kong Mesh
2.7.x LTS
github-edit-pageEdit this page
report-issueReport an issue
You are browsing documentation for an older version. See the latest documentation here.

Software Bill of Materials

A software bill of materials (SBOM) is an inventory of all software components (proprietary and open source), open source licenses, and dependencies in a given product. A software bill of materials (SBOM) provides visibility into the software supply chain and any license compliance, security, and quality risks that may exist.

Starting in Kong Mesh 2.7.4, we are generating SBOMs for Kong Mesh and Docker container images.

  1. Download security assets for the latest version of Kong Mesh

  2. Extract the downloaded security-assets.tar.gz

     tar -xvzf security-assets.tar.gz

  3. Access the below SBOMs:

    • sbom.spdx.json and sbom.cyclonedx.json are the SBOM files for binaries built from Kong Mesh
    • image_<image_name>-*.spdx.json and image_<image_name>-*.cyclonedx.json are the SBOM files for docker container images of Kong Mesh