Dependencies
| Release tag | sbomify-v26.1.0-20260419.3 |
| App version | v26.1.0 |
| Date | 2026-04-19 |
Images
7 container images from ghcr.io/wellmaintained/packages/
| Image | Upstream Version | |
|---|---|---|
| postgres | 17.9 | compliance · provenance |
| redis | 8.2.3 | compliance · provenance |
| minio | 2025-10-15T17-29-55Z | compliance · provenance |
| sbomify-app | 26.1.0 | compliance · provenance |
| sbomify-keycloak | 26.5.6 | compliance · provenance |
| sbomify-caddy-dev | 2.11.2 | compliance · provenance |
| sbomify-minio-init | 26.1.0 | compliance · provenance |
SBOMs
CycloneDX SBOMs for all container images in this release. Each SBOM is extracted from OCI attestations attached to the container image and included here as a browsable component tree with a downloadable JSON file.
| Image | Upstream Version | Format | |
|---|---|---|---|
| postgres | 17.9 | CycloneDX 1.7 | View SBOM |
| redis | 8.2.3 | CycloneDX 1.7 | View SBOM |
| minio | 2025-10-15T17-29-55Z | CycloneDX 1.7 | View SBOM |
| sbomify-app | 26.1.0 | CycloneDX 1.7 | View SBOM |
| sbomify-keycloak | 26.5.6 | CycloneDX 1.7 | View SBOM |
| sbomify-caddy-dev | 2.11.2 | CycloneDX 1.7 | View SBOM |
| sbomify-minio-init | 26.1.0 | CycloneDX 1.7 | View SBOM |
How SBOMs Are Generated
All images are built using Nix derivations, producing fully reproducible builds. SBOMs are generated during the build process and attached to container images as OCI attestations in CycloneDX format.
Previous releases
Historical releases and compliance bundles are available at GitHub Releases.
Last updated on • David Laing