samatstarion edited this page Aug 8, 2025 · 1 revision

Software Bill of Materials (SBOM) and Provenance

As part of our commitment to security, transparency, and traceability, the Docker images and NuGet packages ship with a Software Bill of Materials (SBOM); the Docker containers additionally carry provenance information. Both are generated automatically during the build process and give detailed insight into the included components, their licenses and versions, and the integrity of the NuGet packages and Docker images.

What is included:

SBOM (Software Bill of Materials):

  • A comprehensive list of all open-source and third-party components included in the Docker images and NuGet packages.
  • Tracks software dependencies, licenses, and versions.
  • Helps with vulnerability management by allowing users to quickly identify potential risks tied to specific components.

Provenance:

  • A record of the image's origin and build process, providing traceability and assurance regarding the integrity of the image.
  • This ensures that the image was built using the declared sources and under the specified conditions, helping verify its authenticity and consistency.

Why SBOM and Provenance?

  • Improved Transparency: Provides full visibility into the open-source and third-party components included in the image.
  • Security Assurance: Enables easier tracking of vulnerabilities associated with specific components, promoting proactive security measures.
  • Compliance: Ensures adherence to licensing requirements and simplifies audits of dependencies and build processes.
  • Image Integrity: Provenance guarantees that the image is built as expected, without unauthorized modifications.
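The two consumer-side uses described above, checking an SBOM for a specific component version and checking that provenance names the declared builder and source, as an added example that is not part of this project's wiki or tooling. It assumes the SBOM is SPDX JSON and the provenance is a SLSA-style predicate (the formats BuildKit emits as attestations); the documents and identifiers in it are constructed placeholders, not real project output.

```python
"""Consumer-side checks over an SBOM and a provenance statement (added example)."""
import json

# Constructed sample SBOM (SPDX JSON shape, assumed): names, versions, licenses.
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "packages": [
        {"name": "ExampleLib", "versionInfo": "1.4.2", "licenseConcluded": "MIT"},
        {"name": "ExampleUtil", "versionInfo": "2.0.0", "licenseConcluded": "Apache-2.0"},
    ],
})

# Constructed sample provenance (SLSA-style predicate, assumed): builder and source.
SAMPLE_PROVENANCE = json.dumps({
    "predicateType": "https://slsa.dev/provenance/v0.2",
    "predicate": {
        "builder": {"id": "https://builder.example.invalid"},  # placeholder builder
        "materials": [
            {"uri": "git+https://example.invalid/org/repo", "digest": {"sha1": "0" * 40}},
        ],
    },
})


def list_components(sbom_json: str) -> list[tuple[str, str, str]]:
    """Return (name, version, license) for every package recorded in the SBOM."""
    doc = json.loads(sbom_json)
    return [(p["name"], p.get("versionInfo", ""), p.get("licenseConcluded", "NOASSERTION"))
            for p in doc.get("packages", [])]


def find_affected(sbom_json: str, name: str, bad_versions: set[str]) -> list[str]:
    """Versions of `name` in the SBOM that fall in the caller's set of affected versions."""
    return [v for n, v, _ in list_components(sbom_json) if n == name and v in bad_versions]


def check_provenance(prov_json: str, expected_builder: str, expected_source: str) -> list[str]:
    """Return mismatches against the expected builder id and source URI; empty means OK."""
    pred = json.loads(prov_json).get("predicate", {})
    problems = []
    if pred.get("builder", {}).get("id") != expected_builder:
        problems.append("unexpected builder id")
    if expected_source not in [m.get("uri") for m in pred.get("materials", [])]:
        problems.append("declared source not in materials")
    return problems
```

On a real image the same functions can be fed the attestation payloads extracted from the image's SBOM and provenance attestations rather than the constructed samples.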