Software Bill of Materials
The Software Bill of Materials (SBOM) is a formal, structured inventory of the components and dependencies used in Axiomatics Policy DevOps (APD). It provides you with essential transparency into our products, enabling quick identification and mitigation of security vulnerabilities and risks.
APD utilizes industry-standard SBOM formats to ensure compatibility and tool integration, specifically providing SBOMs using SPDX and CycloneDX. The former prioritizes licensing compliance and comprehensive legal due diligence, while the latter focuses on security and vulnerability management.
We enrich these SBOMs with current vulnerability information for all currently released APD versions.
While the SBOMs contain license information for individual components, this data may sometimes be inconsistent with the Licenses section of this documentation, which should always be considered the source of truth.
Download the SBOMs
Set up the AWS CLI for your account, then run the following commands in your terminal to download the SBOM in both the SPDX and CycloneDX formats.
- SPDX
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/alfa/test/axiomatics-policy-devops-bundle/1.1.0/axiomatics-policy-devops-bundle-1.1.0-sbom-spdx2-enriched.json axiomatics-policy-devops-bundle-1.1.0-sbom-spdx2-enriched.json
- CycloneDX
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/alfa/test/axiomatics-policy-devops-bundle/1.1.0/axiomatics-policy-devops-bundle-1.1.0-sbom-cyclonedx-enriched.json axiomatics-policy-devops-bundle-1.1.0-sbom-cyclonedx-enriched.json
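Once the enriched CycloneDX file is downloaded, a short script can list the vulnerabilities that need attention first. The following is an added example, not Axiomatics code: it assumes the enrichment is stored in the standard CycloneDX `vulnerabilities` array (with `ratings` and `affects`), and the names `triage` and `SAMPLE_BOM` as well as the sample data are constructed for illustration.

```python
import json
import sys

# Ranking of the CycloneDX severity enum values, worst first.
RANK = {"critical": 5, "high": 4, "medium": 3, "low": 2, "info": 1, "none": 0, "unknown": -1}

def triage(bom, min_severity="high"):
    """Return (severity, vuln_id, component) tuples at or above min_severity, worst first."""
    # Index components by bom-ref so each 'affects' reference can be resolved to a name.
    by_ref = {c["bom-ref"]: f'{c.get("name", "?")}@{c.get("version", "?")}'
              for c in bom.get("components", []) if "bom-ref" in c}
    findings = []
    for vuln in bom.get("vulnerabilities", []):
        # One entry may carry several ratings (different sources); keep the worst.
        sevs = [r.get("severity", "unknown") for r in vuln.get("ratings", [])]
        worst = max(sevs or ["unknown"], key=lambda s: RANK.get(s, -1))
        if RANK.get(worst, -1) < RANK[min_severity]:
            continue
        for target in vuln.get("affects", []):
            ref = target.get("ref", "?")
            # Keep unresolved refs visible instead of silently dropping the finding.
            findings.append((worst, vuln.get("id", "?"), by_ref.get(ref, ref)))
    return sorted(findings, key=lambda f: (-RANK.get(f[0], -1), f[1], f[2]))

# Constructed sample input; ids and components are placeholders, not APD data.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "components": [
        {"bom-ref": "pkg:maven/example/lib-a@1.0.0", "name": "lib-a", "version": "1.0.0"},
        {"bom-ref": "pkg:maven/example/lib-b@2.3.1", "name": "lib-b", "version": "2.3.1"},
    ],
    "vulnerabilities": [
        {"id": "EXAMPLE-0001", "ratings": [{"severity": "medium"}, {"severity": "critical"}],
         "affects": [{"ref": "pkg:maven/example/lib-a@1.0.0"}]},
        {"id": "EXAMPLE-0002", "ratings": [{"severity": "low"}],
         "affects": [{"ref": "pkg:maven/example/lib-b@2.3.1"}]},
        {"id": "EXAMPLE-0003", "ratings": [{"severity": "high"}],
         "affects": [{"ref": "pkg:maven/example/unlisted@9.9.9"}]},
    ],
}

if __name__ == "__main__":
    # Pass the downloaded CycloneDX file as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            bom = json.load(fh)
    else:
        bom = SAMPLE_BOM
    for sev, vuln_id, component in triage(bom):
        print(f"{sev:8} {vuln_id:16} {component}")
```

A finding whose `affects` reference does not match any listed component is reported with the raw reference, which is worth checking against the SPDX file for the same release.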