Software Bill of Materials

This section desribes the Software Bill of Materials (SBOM) as implemented by Mirantis OpenStack for Kubernetes (MOSK), including the structure of the SBOM data and its intended use cases. It details the machine-readable inventory of product components and their dependencies, the importance of the CycloneDX standard, and how these SBOM artifacts integrate into enterprise security and compliance workflows.

Additionally, the section suggests compatible tools for automated vulnerability management and supply chain transparency that can accept SBOM as input. Use this guide to understand how SBOM enhances operational hygiene and strengthen security of MOSK deployments.

• Concepts and objectives
  • What is SBOM
  • Why SBOM matters to security and operations
• Compatible tools and ecosystem
  • Vulnerability and risk management
  • License and compliance
  • Visualization and utilities
  • Enterprise platform integrations
• Format of SBOM
  • General structure
  • Component grouping
  • Mirantis-specific extensions and conventions
  • SBOM integrity and authenticity