sbomify · DHI
A Software Bill of Materials (SBOM) and document management platform application.
This is a wellmaintained/packages-dhi distribution built on Docker Hardened Images.
7 container images
CycloneDX SBOMs
Grype CVE scans
VEX triage
License notices
Source disclosure
DHI + wellmaintained
Sigstore signing
Regulation Evidence Map
Which release artifacts satisfy specific regulatory requirements.
| Regulation | Control | Dependencies | Vulnerabilities | Licenses | Provenance |
|---|---|---|---|---|---|
| Vendor Security Assessment | Software composition | ✓ | |||
| Vulnerability management | ✓ | ||||
| Third-party risk | ✓ | ||||
| Build integrity | ✓ | ||||
| ISO 27001 | A.8.8 Vulnerability management | ✓ | |||
| A.8.28 Secure coding | ✓ | ✓ | |||
| A.8.30 Outsourced development | ✓ | ✓ | |||
| CRA | Art.13 SBOM requirement | ✓ | |||
| Art.13(6) Vulnerability handling | ✓ | ||||
| Art.13 Secure development | ✓ |