
SBOM Generation
Software Bill of Materials
Every Chainguard image includes an automatically generated SBOM (Software Bill of Materials) documenting all packages, libraries, and their exact versions. The SBOM is available in SPDX 2.3 and CycloneDX 1.4 formats, meeting the requirements of Executive Order 14028 and the NTIA Minimum Elements. Attestations are stored in the OCI registry and signed with Sigstore to ensure integrity and authenticity.
- Enterprise-grade protection compliant with regulatory requirements and security standards
- Fast deployment with minimal resource overhead
- Dedicated support from a certified partner
- Easy integration with your existing infrastructure
Key features
- Automatic SBOM generation with every image build without additional configuration
- Support for SPDX 2.3 and CycloneDX 1.4 formats for universal compatibility
- Attestations stored in the OCI registry as image layers with Sigstore signatures
- Mapping of packages to known CVEs, with exploitability status conveyed via VEX (Vulnerability Exploitability eXchange)
- API and CLI for programmatic SBOM retrieval for integration with pipelines
Business benefits
- Full compliance with EO 14028 and NTIA Minimum Elements requirements
- Automation of report generation for audits and due diligence
- Faster impact analysis of new CVEs thanks to component mapping
- Visibility into transitive dependencies, often missed by scanners
- 80% reduction in compliance documentation preparation time
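One way the component mapping and VEX lookup described above fit together, as an added example that is not Chainguard's code: the SPDX 2.3 SBOM and OpenVEX documents are constructed samples embedded inline (in practice the SBOM would be pulled from the image's signed attestation), the CVE ids are placeholders, and the advisory table stands in for a scanner's feed.

```python
import json

# Constructed, minimal SPDX 2.3 JSON SBOM (in practice pulled from the image's
# signed attestation); package names and versions are sample values.
SPDX_SBOM = json.loads("""{
  "spdxVersion": "SPDX-2.3", "name": "example-image",
  "packages": [
    {"name": "openssl", "versionInfo": "3.1.4-r1", "externalRefs": [{"referenceType": "purl",
      "referenceCategory": "PACKAGE-MANAGER", "referenceLocator": "pkg:apk/wolfi/openssl@3.1.4-r1?arch=x86_64"}]},
    {"name": "zlib", "versionInfo": "1.3-r0", "externalRefs": [{"referenceType": "purl",
      "referenceCategory": "PACKAGE-MANAGER", "referenceLocator": "pkg:apk/wolfi/zlib@1.3-r0?arch=x86_64"}]}
  ]}""")

# Constructed OpenVEX document with one statement; the CVE ids are placeholders.
OPENVEX = json.loads("""{
  "@context": "https://openvex.dev/ns/v0.2.0",
  "statements": [
    {"vulnerability": {"name": "CVE-0000-0001"},
     "products": [{"@id": "pkg:apk/wolfi/zlib@1.3-r0?arch=x86_64"}],
     "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path"}
  ]}""")

# Constructed stand-in for a scanner's advisory feed: CVE -> purls the advisory names.
ADVISORIES = {"CVE-0000-0001": ["pkg:apk/wolfi/zlib@1.3-r0?arch=x86_64"],
              "CVE-0000-0002": ["pkg:apk/wolfi/openssl@3.1.4-r1?arch=x86_64"]}


def sbom_purls(sbom):
    """Return {purl: (name, version)} for every package in an SPDX 2.3 JSON SBOM."""
    out = {}
    for pkg in sbom.get("packages", []):
        for ref in pkg.get("externalRefs", []):
            if ref.get("referenceType") == "purl":
                out[ref["referenceLocator"]] = (pkg["name"], pkg.get("versionInfo", ""))
    return out


def vex_status(vex, cve, purl):
    """OpenVEX status for (cve, purl), or None when no statement covers the pair."""
    for st in vex.get("statements", []):
        if st["vulnerability"]["name"] == cve and any(
                p.get("@id") == purl for p in st.get("products", [])):
            return st["status"]
    return None


def impact(cve, sbom=SPDX_SBOM, vex=OPENVEX, advisories=ADVISORIES):
    """Shipped components an advisory names, each with its VEX verdict; fails closed to 'affected'."""
    shipped = sbom_purls(sbom)
    return {purl: vex_status(vex, cve, purl) or "affected"
            for purl in advisories.get(cve, []) if purl in shipped}
```

A package the advisory names but the SBOM does not list is dropped from the result, which is exactly the noise the component mapping removes; a listed package with no VEX statement stays "affected" until someone writes one.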

Why Chainguard?
A leader in software supply chain security offering hardened container images with a minimal attack surface. Chainguard images are built from the ground up with a strong focus on security, regularly updated, and free from known CVEs.
Need SBOM Generation in your organization?
As a certified Chainguard partner, we'll help you deploy and configure the solution.