What is an SBOM?
A Software Bill of Materials (SBOM) is a structured inventory of all components that make up a piece of software — including third‑party libraries, packages, versions, and their relationships. SBOMs help organizations understand what is inside their software, evaluate exposure to known vulnerabilities, and meet supply‑chain security and compliance requirements.
We publish SBOMs because transparency and security are core to Defguard. Making our dependency information public lets customers and auditors independently verify what we ship, continuously assess risk against public CVE databases, and integrate our artifacts into their own security tooling and compliance workflows.
SBOMs also help us respond faster to newly disclosed issues: we track and scan dependencies after each release, prioritize remediation, and communicate status openly. This practice aligns with ISO 27001 controls and demonstrates our commitment to a secure software supply chain.
SBOM file list with vulnerability status
Separate SBOMs are available for the mobile apps (Android, iOS), the desktop app (Windows, macOS, Linux), and the server components (Core, Proxy, Gateway). Alongside each SBOM, an advisory file is also published that summarizes the known vulnerabilities in detail.
We use Trivy to generate SBOM files and scan for vulnerabilities in our dependencies. Each SBOM is updated every day in our CI/CD pipeline and provided in the standard SPDX format.
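The vulnerability status shown for each SBOM below is derived from scanning the SPDX document against advisory data. As an added example (not Defguard's code and not Trivy's own output), the Python below parses a constructed SPDX 2.3 JSON document, matches its packages against a constructed advisory list, and reports the worst severity together with the DEPENDS_ON chain that pulls each affected package in, which is what remediation prioritization needs. The field names (`packages`, `versionInfo`, `relationships`, `DESCRIBES`, `DEPENDS_ON`) come from the SPDX 2.3 JSON schema; all package and advisory values are placeholders.

```python
import json
from collections import defaultdict

# Constructed SPDX 2.3 JSON sample with only the fields used below (placeholder data, not a real Defguard SBOM).
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "example-app",
    "packages": [{"SPDXID": "SPDXRef-app", "name": "example-app", "versionInfo": "1.0.0"},
                 {"SPDXID": "SPDXRef-a", "name": "lib-a", "versionInfo": "2.3.1"},
                 {"SPDXID": "SPDXRef-b", "name": "lib-b", "versionInfo": "0.9.0"}],
    "relationships": [{"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES", "relatedSpdxElement": "SPDXRef-app"},
                      {"spdxElementId": "SPDXRef-app", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-a"},
                      {"spdxElementId": "SPDXRef-a", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-b"}],
})
SAMPLE_ADVISORIES = [("lib-b", "0.9.0", "MEDIUM")]  # constructed (package name, affected version, severity)
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
RANK_LABEL = {v: k.capitalize() for k, v in SEVERITY_RANK.items()}

def parse_sbom(sbom_json):
    """Return ({SPDXID: (name, version)}, DEPENDS_ON adjacency, SPDXID of the package the document DESCRIBES)."""
    doc = json.loads(sbom_json)
    packages = {p["SPDXID"]: (p["name"], p.get("versionInfo", "")) for p in doc.get("packages", [])}
    edges, root = defaultdict(list), None
    for rel in doc.get("relationships", []):
        if rel["relationshipType"] == "DEPENDS_ON":
            edges[rel["spdxElementId"]].append(rel["relatedSpdxElement"])
        elif rel["relationshipType"] == "DESCRIBES" and rel["spdxElementId"] == doc["SPDXID"]:
            root = rel["relatedSpdxElement"]
    return packages, edges, root

def dependency_path(edges, node, target, seen=()):
    """Depth-first search for a DEPENDS_ON chain from node to target (None if unreachable); seen guards cycles."""
    if node == target:
        return [node]
    for nxt in edges.get(node, []):
        if nxt not in seen:
            rest = dependency_path(edges, nxt, target, seen + (node,))
            if rest:
                return [node] + rest
    return None

def vulnerability_status(sbom_json, advisories):
    """Summarize an SBOM the way the table does: worst-severity label plus (name, version, severity, path) per hit."""
    packages, edges, root = parse_sbom(sbom_json)
    findings, worst = [], 0
    for spdx_id, (name, version) in packages.items():
        for adv_name, adv_version, severity in advisories:
            if (name, version) == (adv_name, adv_version):
                worst = max(worst, SEVERITY_RANK[severity.upper()])
                path = dependency_path(edges, root, spdx_id) or [spdx_id]  # fall back to the package alone
                findings.append((name, version, severity.upper(), [packages[p][0] for p in path]))
    return (f"{RANK_LABEL[worst]} vulnerabilities" if worst else "No vulnerabilities"), findings
```

Real advisory feeds match on version ranges rather than exact versions; the exact-match comparison here is the one simplification to replace before using this against production data.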
| Component | Version | Date checked | SBOM | Advisories | Vulnerability status | Status |
|---|---|---|---|---|---|---|
| | 1.5.2 | 2025-12-05 | SBOM | Advisories | Medium vulnerabilities | Patch in progress |
| | 1.5.1 | 2025-12-05 | SBOM | Advisories | Medium vulnerabilities | Patch in progress |
| Gateway | 1.5.1 | 2025-12-04 | SBOM | Advisories | No vulnerabilities | — |
| | 1.5.2 | 2025-12-05 | SBOM | Advisories | Medium vulnerabilities | Patch in progress |
| Mobile App | 1.5.1 | 2025-12-05 | SBOM | Advisories | No vulnerabilities | — |