Vulnerabilities report
A comprehensive vulnerability analysis report for each Axiomatics Services Manager (ASM) component is included in the ASM distribution ZIP file. To view a report:
- Navigate to the
3rd_partydirectory - Open the desired component's HTML file in your web browser.
Software Bill of Materials
The Software Bill of Materials (SBOM) is a formal, structured inventory of the components and dependencies used in the Authorization Hub. It provides you with essential transparency into our products, enabling quick identification and mitigation of security vulnerabilities and risks.
The Authorization Hub utilizes industry-standard SBOM formats to ensure compatibility and tool integration, specifically providing SBOMs using SPDX and CycloneDX. The former prioritizes licensing compliance and comprehensive legal due diligence, while the latter focuses on security and vulnerability management.
We enhance these SBOMs by enriching them with current vulnerability information for all currently released Authorization Hub versions.
Download the SBOMs
The following procedure requires a configured AWS CLI account. For setup instructions, refer to the Deployment section.
Run the following AWS CLI commands in your terminal to download the SBOM in both the SPDX and CycloneDX formats.
- SPDX
- Cyclone DX
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/asm-core/1.10.2/asm-core-1.10.2-sbom-spdx2-enriched.json asm-core-1.10.2-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/asm-api-gateway/asm-api-gateway/1.8.2/asm-api-gateway-1.8.2-sbom-spdx2-enriched.json asm-api-gateway-1.8.2-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/aggregator/service-aggregator/1.9.2/service-aggregator-1.9.2-sbom-spdx2-enriched.json service-aggregator-1.9.2-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/authorization-domain-manager/authorization-domain-manager/1.4.3/authorization-domain-manager-1.4.3-sbom-spdx2-enriched.json authorization-domain-manager-1.4.3-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/asm-keycloak-mappers/1.9.0/asm-keycloak-mappers-1.9.0-sbom-spdx2-enriched.json asm-keycloak-mappers-1.9.0-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/domain-management-mfe/domain-management-mfe/3.1.5/domain-management-mfe-3.1.5-sbom-spdx2-enriched.json domain-management-mfe-3.1.5-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/dashboard-mfe/dashboard-mfe/2.0.6/dashboard-mfe-2.0.6-sbom-spdx2-enriched.json dashboard-mfe-2.0.6-sbom-spdx2-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/multiple-mfe-orchestrator/multiple-mfe-orchestrator/3.0.7/multiple-mfe-orchestrator-3.0.7-sbom-spdx2-enriched.json multiple-mfe-orchestrator-3.0.7-sbom-spdx2-enriched.json
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/asm-core/1.10.2/asm-core-1.10.2-sbom-cyclonedx-enriched.json asm-core-1.10.2-sbom-cyclonedx-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/asm-api-gateway/asm-api-gateway/1.8.2/asm-api-gateway-1.8.2-sbom-cyclonedx-enriched.json asm-api-gateway-1.8.2-sbom-cyclonedx-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/aggregator/service-aggregator/1.9.2/service-aggregator-1.9.2-sbom-cyclonedx-enriched.json service-aggregator-1.9.2-sbom-cyclonedx-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/authorization-domain-manager/authorization-domain-manager/1.4.3/authorization-domain-manager-1.4.3-sbom-cyclonedx-enriched.json authorization-domain-manager-1.4.3-sbom-cyclonedx-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/asm-keycloak-mappers/1.9.0/asm-keycloak-mappers-1.9.0-sbom-cyclonedx-enriched.json asm-keycloak-mappers-1.9.0-sbom-cyclonedx-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/domain-management-mfe/domain-management-mfe/3.1.5/domain-management-mfe-3.1.5-sbom-cyclonedx-enriched.json domain-management-mfe-3.1.5-sbom-cyclonedx-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/dashboard-mfe/dashboard-mfe/2.0.6/dashboard-mfe-2.0.6-sbom-cyclonedx-enriched.json dashboard-mfe-2.0.6-sbom-cyclonedx-enriched.json && \
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/multiple-mfe-orchestrator/multiple-mfe-orchestrator/3.0.7/multiple-mfe-orchestrator-3.0.7-sbom-cyclonedx-enriched.json multiple-mfe-orchestrator-3.0.7-sbom-cyclonedx-enriched.json