Software Bill of Materials
A software bill of materials (SBOM) is an inventory of all software components (proprietary and open source), open source licenses, and dependencies in a given product. An SBOM provides visibility into the software supply chain and into any license compliance, security, and quality risks that may exist.
Starting in Kong Mesh 2.7.4, SBOMs are generated for the Kong Mesh binaries and for the Kong Mesh Docker container images.
- Download the security assets for the latest version of Kong Mesh.
- Extract the downloaded security-assets.tar.gz:
  tar -xvzf security-assets.tar.gz
- Access the SBOMs below:
  - sbom.spdx.json and sbom.cyclonedx.json are the SBOM files for binaries built from Kong Mesh.
  - image_<image_name>-*.spdx.json and image_<image_name>-*.cyclonedx.json are the SBOM files for the Docker container images of Kong Mesh.
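As an added example that is not part of the Kong Mesh documentation, the following Python script normalises the two SBOM formats listed above (SPDX JSON and CycloneDX JSON) into one component inventory and flags components that carry no license identifier, which is the license-compliance check the introduction mentions. The embedded documents are constructed samples in the shape of those formats, not real Kong Mesh output.

```python
import json

# Constructed minimal SPDX 2.x JSON document (shape only; not real Kong Mesh output).
SPDX_SAMPLE = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "name": "sbom",
    "packages": [
        {"name": "kong-mesh", "versionInfo": "2.7.4", "licenseConcluded": "NOASSERTION"},
        {"name": "golang.org/x/net", "versionInfo": "v0.23.0", "licenseConcluded": "BSD-3-Clause"},
    ],
})

# Constructed minimal CycloneDX JSON document describing the same components.
CYCLONEDX_SAMPLE = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"name": "kong-mesh", "version": "2.7.4"},
        {"name": "golang.org/x/net", "version": "v0.23.0",
         "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
    ],
})


def parse_sbom(text):
    """Detect SPDX or CycloneDX from the top-level keys and return a list of
    {"name", "version", "license"} dicts, using "NOASSERTION" when a field is absent."""
    doc = json.loads(text)
    inventory = []
    if "spdxVersion" in doc:
        for pkg in doc.get("packages", []):
            lic = pkg.get("licenseConcluded") or pkg.get("licenseDeclared") or "NOASSERTION"
            inventory.append({"name": pkg.get("name"),
                              "version": pkg.get("versionInfo", "NOASSERTION"),
                              "license": lic})
    elif doc.get("bomFormat") == "CycloneDX":
        for comp in doc.get("components", []):
            # CycloneDX allows several license entries; each is an SPDX id or a free-form name.
            ids = [entry.get("license", {}).get("id") or entry.get("license", {}).get("name")
                   for entry in comp.get("licenses", [])]
            inventory.append({"name": comp.get("name"),
                              "version": comp.get("version", "NOASSERTION"),
                              "license": ", ".join(i for i in ids if i) or "NOASSERTION"})
    else:
        raise ValueError("unrecognised SBOM format: expected SPDX JSON or CycloneDX JSON")
    return inventory


def missing_license(inventory):
    """Names of components whose license could not be determined from the SBOM."""
    return [c["name"] for c in inventory if c["license"] == "NOASSERTION"]
```

Run parse_sbom over the extracted sbom.spdx.json and sbom.cyclonedx.json (read from disk) to obtain the same inventory shape from either file.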