Software Bill of Materials


A software bill of materials (SBOM) is an inventory of all software components (proprietary and open source), open source licenses, and dependencies in a given product. An SBOM provides visibility into the software supply chain and into any license compliance, security, and quality risks that may exist in it.

Starting with Kong Mesh 2.7.4, we generate SBOMs for the Kong Mesh binaries and for the Kong Mesh Docker container images.

How to access the SBOMs

  1. Download security assets for the latest version of Kong Mesh

  2. Extract the downloaded security-assets.tar.gz

     tar -xvzf security-assets.tar.gz
    
  3. Access the below SBOMs:

    • sbom.spdx.json and sbom.cyclonedx.json are the SBOM files (SPDX and CycloneDX format respectively) for the binaries built from Kong Mesh
    • image_<image_name>-*.spdx.json and image_<image_name>-*.cyclonedx.json are the SBOM files for the Kong Mesh Docker container images, one pair per image
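Once the bundle is extracted, the SBOM files are what you query when you need to answer "which version of library X ships in this release?" or "which licenses are in use?". The script below is an added example, not part of Kong's documentation or tooling: it reads both SBOM formats named above (SPDX 2.x JSON via its `packages` list, CycloneDX 1.x JSON via its `components` list), normalises them into one component inventory, and lets you search it by component name or list the licenses present. The component names, versions and licenses in the embedded sample documents are constructed for the example; the file-name patterns (`*.spdx.json`, `*.cyclonedx.json`) are taken from the list above. Run it with the path of the extracted `security-assets` directory as the only argument to inventory the real bundle, or with no argument to run it over the constructed samples.

```python
"""Inventory the SPDX and CycloneDX SBOMs in an extracted security-assets bundle.

Added example, not Kong's own tooling. It assumes only the file naming
documented above: sbom.spdx.json / sbom.cyclonedx.json for the binaries and
image_<image_name>-*.spdx.json / image_<image_name>-*.cyclonedx.json per image.
"""
import glob
import json
import os
import sys
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license_id: str   # SPDX license expression, or NOASSERTION if the SBOM has none
    source: str       # SBOM file the entry came from


def parse_spdx(doc: dict, source: str = "spdx") -> List[Component]:
    """Read the `packages` list of an SPDX 2.x JSON document."""
    out = []
    for pkg in doc.get("packages", []):
        lic = pkg.get("licenseConcluded") or pkg.get("licenseDeclared") or "NOASSERTION"
        out.append(Component(pkg.get("name", ""), pkg.get("versionInfo", ""), lic, source))
    return out


def parse_cyclonedx(doc: dict, source: str = "cyclonedx") -> List[Component]:
    """Read the `components` list of a CycloneDX 1.x JSON document."""
    out = []
    for comp in doc.get("components", []):
        ids = []
        for entry in comp.get("licenses", []):
            # CycloneDX allows either {"license": {"id"|"name": ...}} or {"expression": ...}
            lic = entry.get("license", {})
            ids.append(lic.get("id") or lic.get("name") or entry.get("expression", ""))
        joined = " AND ".join(i for i in ids if i) or "NOASSERTION"
        out.append(Component(comp.get("name", ""), comp.get("version", ""), joined, source))
    return out


def load_sbom(path: str) -> List[Component]:
    """Detect the format from the document itself, not from the file name."""
    with open(path, encoding="utf-8") as fh:
        doc = json.load(fh)
    if "spdxVersion" in doc:
        return parse_spdx(doc, os.path.basename(path))
    if doc.get("bomFormat") == "CycloneDX":
        return parse_cyclonedx(doc, os.path.basename(path))
    raise ValueError(f"{path}: not a recognised SPDX or CycloneDX JSON document")


def load_bundle(directory: str) -> List[Component]:
    """Load every *.spdx.json and *.cyclonedx.json in the extracted bundle."""
    comps = []
    for pattern in ("*.spdx.json", "*.cyclonedx.json"):
        for path in sorted(glob.glob(os.path.join(directory, pattern))):
            comps.extend(load_sbom(path))
    return comps


def find_component(comps: List[Component], name: str) -> List[Component]:
    """Case-insensitive substring match on the component name."""
    return [c for c in comps if name.lower() in c.name.lower()]


def licenses_used(comps: List[Component]) -> List[str]:
    return sorted({c.license_id for c in comps})


# Constructed sample documents (names, versions and licenses are made up for the example).
SAMPLE_SPDX = {
    "spdxVersion": "SPDX-2.3",
    "packages": [
        {"name": "example/netlib", "versionInfo": "v1.2.3", "licenseConcluded": "BSD-3-Clause"},
        {"name": "example-binary", "versionInfo": "0.0.1", "licenseConcluded": "NOASSERTION"},
    ],
}
SAMPLE_CDX = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"name": "libfoo", "version": "3.0.0", "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"name": "libbar", "version": "1.3.1", "licenses": [{"expression": "Zlib"}]},
    ],
}


def sample_inventory() -> List[Component]:
    return parse_spdx(SAMPLE_SPDX, "sbom.spdx.json") + parse_cyclonedx(SAMPLE_CDX, "sbom.cyclonedx.json")


if __name__ == "__main__":
    inventory = load_bundle(sys.argv[1]) if len(sys.argv) > 1 else sample_inventory()
    for c in inventory:
        print(f"{c.source}: {c.name} {c.version} [{c.license_id}]")
    print("licenses:", ", ".join(licenses_used(inventory)))
```

Detecting the format from the document body rather than the file suffix means a mislabelled or renamed file is reported as an error instead of being silently skipped, and normalising both formats into the same record type lets one search cover the binaries' SBOMs and every image's SBOM at once.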