Dependencies

Release tag	sbomify-v26.1.0-20260419.3
App version	v26.1.0
Date	2026-04-19

Images

7 container images from ghcr.io/wellmaintained/packages/

Image	Upstream Version
postgres	17.9	compliance · provenance
redis	8.2.3	compliance · provenance
minio	2025-10-15T17-29-55Z	compliance · provenance
sbomify-app	26.1.0	compliance · provenance
sbomify-keycloak	26.5.6	compliance · provenance
sbomify-caddy-dev	2.11.2	compliance · provenance
sbomify-minio-init	26.1.0	compliance · provenance

SBOMs

CycloneDX SBOMs for all container images in this release. Each SBOM is extracted from OCI attestations attached to the container image and included here as a browsable component tree with a downloadable JSON file.

Image	Upstream Version	Format
postgres	17.9	CycloneDX 1.7	View SBOM
redis	8.2.3	CycloneDX 1.7	View SBOM
minio	2025-10-15T17-29-55Z	CycloneDX 1.7	View SBOM
sbomify-app	26.1.0	CycloneDX 1.7	View SBOM
sbomify-keycloak	26.5.6	CycloneDX 1.7	View SBOM
sbomify-caddy-dev	2.11.2	CycloneDX 1.7	View SBOM
sbomify-minio-init	26.1.0	CycloneDX 1.7	View SBOM

How SBOMs Are Generated

All images are built using Nix derivations, producing fully reproducible builds. SBOMs are generated during the build process and attached to container images as OCI attestations in CycloneDX format.

Previous releases

Historical releases and compliance bundles are available at GitHub Releases.

Last updated on April 19, 2026 • David Laing