旧バージョンのドキュメントを参照しています。最新のドキュメントはこちらをご参照ください。

Software Bill of Materials

A software bill of materials (SBOM) is an inventory of all software components (proprietary and open source), open source licenses, and dependencies in a given product. A software bill of materials (SBOM) provides visibility into the software supply chain and any license compliance, security, and quality risks that may exist.

Starting in Kong Mesh 2.7.4, we are generating SBOMs for Kong Mesh and Docker container images.

Download security assets for the latest version of Kong Mesh
Extract the downloaded security-assets.tar.gz
```
 tar -xvzf security-assets.tar.gz
```
Access the below SBOMs:
- sbom.spdx.json and sbom.cyclonedx.json are the SBOM files for binaries built from Kong Mesh
- image_<image_name>-*.spdx.json and image_<image_name>-*.cyclonedx.json are the SBOM files for docker container images of Kong Mesh