Downloading Linkerd SBOMs for Buoyant Enterprise for Linkerd

Every release of Buoyant Enterprise for Linkerd is accompanied by a Software Bill of Materials (SBOM) that lists the software components included in the release and their versions. SBOMs are available for each Docker image, along with Go and Rust dependencies.

Prerequisites:

  • Docker installed on your local machine
  • Credentials to access the BEL Azure Container Registry (ACR) provided on the Buoyant portal
  • jq
  • The oras CLI, which the Docker image commands below call

To download SBOMs for BEL Docker images:

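# Docker SBOMs
export BEL_VERSION=enterprise-2.15.1
# Placeholder: set to the registry/repository prefix of the BEL images in the BEL ACR
BEL_IMAGE_PREFIX="<bel-registry-path>/"
for component in controller policy-controller proxy proxy-init; do
  image="${BEL_IMAGE_PREFIX}$component:$BEL_VERSION"
  sbom_digest=$(
    oras discover -o json \
      --artifact-type sbom/example \
      "$image" | jq -r ".manifests[0].digest"
  )
  oras pull -o ./ "$image@$sbom_digest"
done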

To download SBOMs for Go and Rust components:

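export BEL_VERSION=enterprise-2.15.1
# Placeholder: set to the BEL image (without tag) that carries the SBOM
BEL_IMAGE="<bel-image>"
# The container is only created, never started; "--entrypoint" is passed as its command
id=$(docker create "$BEL_IMAGE:$BEL_VERSION" --entrypoint)
docker cp "$id:enterprise-linkerd.$BEL_VERSION.spdx.json" "enterprise-linkerd.$BEL_VERSION.spdx.json"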

To download the Rust Cargo SBOMs:

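# Placeholder: set to the BEL image reference (with tag) that carries the Cargo SBOMs
BEL_IMAGE_REF="<bel-image>:<tag>"
id=$(docker create "$BEL_IMAGE_REF" --entrypoint)
sboms=$(docker export "$id" | tar t | grep spdx.json)
for sbom in $sboms; do
  mkdir -p "$(dirname "$sbom")"   # docker cp needs the destination directory to exist
  docker cp "$id:$sbom" "$sbom"
done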
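
Once an SPDX file such as enterprise-linkerd.$BEL_VERSION.spdx.json is on disk, the usual next step is to check which versions of a given dependency the release ships. The script below is an added example, not part of Buoyant's documentation: it assumes the file is SPDX 2.x JSON with a top-level "packages" array, the function names are hypothetical, and the embedded sample is constructed rather than taken from a BEL release.

```python
import json

# Constructed sample in SPDX 2.x JSON layout; not taken from a real BEL release.
SAMPLE_SPDX = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "name": "sample-sbom",
    "packages": [
        {"SPDXID": "SPDXRef-1", "name": "golang.org/x/net", "versionInfo": "v0.17.0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:golang/golang.org/x/net@v0.17.0"}]},
        {"SPDXID": "SPDXRef-2", "name": "h2", "versionInfo": "0.3.21"},
        {"SPDXID": "SPDXRef-3", "name": "h2", "versionInfo": "0.4.2"},
        {"SPDXID": "SPDXRef-4", "name": "local-module"},  # no version recorded
    ],
})

def load_packages(spdx_text):
    """Return a sorted list of (name, version, purl) tuples from SPDX JSON text."""
    doc = json.loads(spdx_text)
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        raise ValueError("not an SPDX JSON document")
    rows = set()  # a set drops exact duplicate entries
    for pkg in doc.get("packages", []):
        purl = next((ref.get("referenceLocator")
                     for ref in pkg.get("externalRefs", [])
                     if ref.get("referenceType") == "purl"), None)
        # versionInfo is optional in SPDX; absent or NOASSERTION means unknown.
        version = pkg.get("versionInfo")
        if version in (None, "", "NOASSERTION"):
            version = None
        rows.add((pkg.get("name", ""), version, purl))
    return sorted(rows, key=lambda row: (row[0], row[1] or ""))

def versions_of(packages, name):
    """All recorded versions of a component; None marks an entry with no version."""
    return [version for pkg_name, version, _ in packages if pkg_name == name]

if __name__ == "__main__":
    import sys
    # With a path argument, read a downloaded SBOM; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SPDX
    for name, version, purl in load_packages(text):
        print(f"{name}\t{version or 'unknown'}\t{purl or '-'}")
```

A component that appears with more than one version, or with no version at all, is worth a closer look before concluding that a release is or is not affected by an advisory.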