Version: v3.4.x LTS
Bill of Materials
Twitter
LinkedIn
Facebook
EmailBill of Materials
Zowe™ uses the SPDX SBOM format to represent Zowe's bill of materials. To read more about why SBOMs and SPDX are used, see the blog post SPDX: It’s Already in Use for Global Software Bill of Materials (SBOM) and Supply Chain Security. Use Hash codes to validate that your download is authentic. Use the following command:
openssl dgst -sha1 <downloaded_sbom.zip>.
The table lists an inventory of the third-party open-source software used by Zowe. This inventory specifies the name and version of each software component and the legal license governing the use of that component.
Review the following table and associated links of Zowe SBOMs:
| Type | Component | SBOM Link | SHA-1 Hash |
|---|---|---|---|
| Artifact SBOM | Zowe z/OS Components (PAX, SMP/E, PSWI) | SBOM Link | 3ed80afaadfdabe1112c7063fe297d5f |
| Artifact SBOM | Zowe CLI Standalone Package | SBOM Link | 98b75ca32cc08664574da1886d28c625463cceba |
| Artifact SBOM | Zowe CLI Standalone Plugins Package | SBOM Link | 7d1e06e579b4dcc69c44405a47dfebc386426b0f |
| Artifact SBOM | Zowe Client NodeJS SDK | SBOM Link | c61bd6b9f78ba2aa67a0f4e53874a097992d8155 |
| Artifact SBOM | Zowe Client Python SDK | SBOM Link | 637c5f90f94a88cb534bead7755fac112b509217 |
| Source Code SBOM | All Zowe's Source Repositories used in final artifacts | SBOM Link | 19d2b81b0fa2955d165123871c72c2c77ddf73b7 |