Compatibility - Ecosystems, Containers and SBOM Formats
Ensuring that your tools and solutions work seamlessly with your existing tech stack is paramount. This compatibility documentation is designed to provide clarity about which programming languages, containers, and SBOM formats are natively supported by the SBOM Observer.
By understanding these compatibilities, you can seamlessly integrate our offerings into your development and deployment workflow, ensuring that your software supply chain remains both robust and agile.
Supported Programming Languages and Ecosystems
SBOM Observer supports the following programming languages and ecosystems.
Languages | Ecosystems |
---|---|
C/C++ | Conan |
Dart | Pub |
Elixir | Hex |
Erlang | Hex |
Go | Go packages |
Java | Maven |
.NET | NuGet |
Node.js (JavaScript/TypeScript) | npm |
PHP | Composer |
Python | PyPI, pip |
Ruby | RubyGems |
Rust | Cargo |
Swift | CocoaPods |
Operating Systems Compatibility
OS | Supported Versions |
---|---|
Alpine Linux | 2.2 - 2.7, 3.0 - 3.18, edge |
AlmaLinux | 8, 9 |
Amazon Linux | 1, 2, 2023 |
CentOS | 6, 7, 8 |
CBL-Mariner | 1.0, 2.0 |
Chainguard | (n/a) |
Debian GNU/Linux | 7, 8, 9, 10, 11, 12 |
openSUSE Leap | 42, 15 |
Oracle Linux | 5, 6, 7, 8 |
Photon OS | 1.0, 2.0, 3.0, 4.0 |
Red Hat Enterprise Linux | 6, 7, 8 |
Rocky Linux | 8, 9 |
SUSE Enterprise Linux | 11, 12, 15 |
Ubuntu | All versions supported by Canonical |
Wolfi Linux | (n/a) |
Supported SBOM Formats
Below is a list of supported SBOM formats.
SBOM standard | Formats | Version | More information |
---|---|---|---|
CycloneDX | JSON, XML | Up to 1.6 | Learn more |
SPDX | JSON, YAML, RDF (RDF/XML), tag:value (flat text file) | 2.1 - 2.3 | Learn more |
Supported Attestation Types
SBOM Observer supports the following types of attestations:
Attestation Type | Description |
---|---|
SBOM | Software Bill of Materials – A comprehensive inventory of software components. |
HBOM | Hardware Bill of Materials – A detailed list of hardware components and their dependencies. |
CBOM | Component Bill of Materials – A detailed inventory of individual software components, including their dependencies and configuration details. |
CycloneDX VEX | A vulnerability exchange format based on the CycloneDX standard, enabling the automated sharing of vulnerability information. |
OpenVEX | An open standard for vulnerability exchange that facilitates the communication of vulnerability data and remediation guidance. |
SLSA | Supply chain Levels for Software Artifacts – A security framework outlining best practices to secure the software supply chain and verify the integrity of software artifacts. Observer supports SLSA Package Provenance. |