Skip to main content
Version: 26.1

Vulnerabilities report

Download a comprehensive vulnerabilities analysis report for the Authorization Hub.

note

This procedure requires a configured AWS CLI account. For setup instructions, refer to the Deployment section.

  1. Execute the following AWS CLI command in the terminal to download the vulnerabilities report files from S3:

    aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/hub-service/1.0.2/hub-service-1.0.2-cve.html && \
    aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/console-api-gateway/2.1.1/console-api-gateway-2.1.1-cve.html && \
    aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/hub-keycloak/1.1.2/hub-keycloak-1.1.2-cve.html  && \
    aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/authorization-domain-manager/authorization-domain-manager/1.4.3/authorization-domain-manager-1.4.3-cve.html

  2. Open the report using any internet browser.

Software Bill of Materials

The Software Bill of Materials (SBOM) is a formal, structured inventory of the components and dependencies used in the Authorization Hub. It provides you with essential transparency into our products, enabling quick identification and mitigation of security vulnerabilities and risks.

The Authorization Hub utilizes industry-standard SBOM formats to ensure compatibility and tool integration, specifically providing SBOMs using SPDX and CycloneDX. The former prioritizes licensing compliance and comprehensive legal due diligence, while the latter focuses on security and vulnerability management.

We enhance these SBOMs by enriching them with current vulnerability information for all currently released Authorization Hub versions.

Download the SBOMs

Set up your AWS CLI account and run the following commands in your terminal to download the SBOM in both the SPDX and CycloneDX formats.

aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/hub-service/1.0.2/hub-service-1.0.2-sbom-spdx2-enriched.json hub-service-1.0.2-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/console-api-gateway/2.1.1/console-api-gateway-2.1.1-sbom-spdx2-enriched.json console-api-gateway-2.0.1-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/hub-keycloak/1.1.2/hub-keycloak-1.1.2-sbom-spdx2-enriched.json hub-keycloak-1.1.2-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/authorization-domain-manager/authorization-domain-manager/1.4.3/authorization-domain-manager-1.4.3-sbom-spdx2-enriched.json authorization-domain-manager-1.4.3-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/attribute-connectors-fe/attribute-connectors-fe/1.76.6/attribute-connectors-fe-1.76.6-sbom-spdx2-enriched.json attribute-connectors-fe-1.76.6-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/dashboard-mfe/dashboard-mfe/2.0.6/dashboard-mfe-2.0.6-sbom-spdx2-enriched.json dashboard-mfe-2.0.6-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/dictionary-fe/dictionary-fe/2.13.2/dictionary-fe-2.13.2-sbom-spdx2-enriched.json dictionary-fe-2.13.2-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/domain-management-fe/domain-management-fe/1.24.2/domain-management-fe-1.24.2-sbom-spdx2-enriched.json domain-management-fe-1.24.2-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/hub-admin-fe/hub-admin-fe/1.25.3/hub-admin-fe-1.25.3-sbom-spdx2-enriched.json hub-admin-fe-1.25.3-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/hub-header-mfe/hub-header-mfe/2.6.3/hub-header-mfe-2.6.3-sbom-spdx2-enriched.json hub-header-mfe-2.6.3-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/hub-navbar-mfe/hub-navbar-mfe/1.13.2/hub-navbar-mfe-1.13.2-sbom-spdx2-enriched.json hub-navbar-mfe-1.13.2-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/hub-policy-insights-mfe/hub-policy-insights-mfe/1.15.5/hub-policy-insights-mfe-1.15.5-sbom-spdx2-enriched.json hub-policy-insights-mfe-1.15.5-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/hub-projects-mfe/hub-projects-mfe/1.13.1/hub-projects-mfe-1.13.1-sbom-spdx2-enriched.json hub-projects-mfe-1.13.1-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/hub-service-aggregator/hub-service-aggregator/3.10.1/hub-service-aggregator-3.10.1-sbom-spdx2-enriched.json hub-service-aggregator-3.10.1-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/hub-singlespa-root/hub-singlespa-root/2.6.148/hub-singlespa-root-2.6.148-sbom-spdx2-enriched.json hub-singlespa-root-2.6.148-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/policy-management-fe/policy-management-fe/1.59.7/policy-management-fe-1.59.7-sbom-spdx2-enriched.json policy-management-fe-1.59.7-sbom-spdx2-enriched.json