buoyant.io

Downloading SBOMs

Releases of Buoyant Enterprise for Linkerd are accompanied by a Software Bill of Materials (SBOM) that lists the software components and their versions that are included in the release. SBOMs are available for each Docker image, along with Go and Rust dependencies. This guide demonstrates how to download SBOMs for the latest release of BEL.

To download all SBOMs for the latest release:

# Docker image SBOMs
for component in controller extension-init policy-controller proxy proxy-init; do
  for suffix in "" -fips; do
    filename=$component-enterprise-2.17.0$suffix.spdx.json
    curl -sLO https://github.com/BuoyantIO/linkerd-buoyant/releases/download/enterprise-2.17.0/$filename
  done
done

# Rust SBOMs
for component in extension-init policy-controller proxy; do
  filename=enterprise-linkerd.$component.enterprise-2.17.0.spdx.json
  curl -sLO https://github.com/BuoyantIO/linkerd-buoyant/releases/download/enterprise-2.17.0/$filename
done

# BEL code repo SBOM
curl -sLO https://github.com/BuoyantIO/linkerd-buoyant/releases/download/enterprise-2.17.0/enterprise-linkerd.enterprise-2.17.0.spdx.json