Introduction
The JS7 includes a number of 3rd-party components:
- SOS is striving to use up-to-date versions of 3rd-party components.
- SOS cannot exclude a situation when 3rd-party components are hit by vulnerabilities.
- SOS is monitoring 3rd-party components for vulnerabilities at an ongoing basis.
- If vulnerabilities are detected the Release Policy - Vulnerability Management applies.
- This includes to make information about vulnerabilities public with our Change Management System, see https://change.sos-berlin.com
- This includes to add fixed versions of 3rd-party components to timely JS7 maintenance releases.
In addition to above measures the JS7 ships with a Software Bill of Materials (SBOM)
Download
The SBOM ships with the sbom.json file that is available with
Overview
Content Tools