> For the complete documentation index, see [llms.txt](https://mariadb.com/docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://mariadb.com/docs/release-notes/enterprise-server/about/sbom.md).

# SBOM

MariaDB publishes a Software Bill of Materials (SBOM) for each MariaDB Enterprise Server release. An SBOM lists the components that make up a build (libraries, packages, versions, licenses, and hashes); enabling customers to meet compliance requirements, perform vulnerability management, and understand supply chain risk.

## About

**Coverage:** Core MariaDB Enterprise Server binaries and packages for each supported platform/release

**Formats:** CycloneDX JSON (.json)

**Contents:** Component names & versions, suppliers, licenses, purls/CPEs (when available), cryptographic hashes, and dependencies

**Availability:** SBOM files are provided alongside each release’s download artifacts in the customer portal, or from the "Software Bill of Materials (SBOM)" link on the [Enterprise Server download page](https://mariadb.com/downloads/enterprise/)

**Updates:** A new SBOM is published for every release; compare SBOMs across versions to see component deltas

## **Recommended Uses**

* **Vulnerability management:** Import the SBOM into a scanner or platform to match against advisories (e.g., OSV/CVE feeds)
* **Compliance & audits:** Produce component/license reports and demonstrate software composition controls
* **Change analysis:** Diff SBOMs between versions to identify updated/deprecated components

## Viewing SBOM Files

The recommended viewer for the MariaDB SBOM files is the CycloneDX Web Tool (hosted by the CycloneDX project), which can be found at [https://cyclonedx.github.io/cyclonedx-web-tool](https://cyclonedx.github.io/cyclonedx-web-tool?utm_source=chatgpt.com)

Advantages of the CycloneDX Web Tool include:

* Our SBOM files are explicitly built for CycloneDX including upload/view functionality for both XML and JSON
* The CycloneDX Web Tool is maintained by the CycloneDX project so it aligns with the standard and will remain compatible
* The CycloneDX Web Tool works via browser so you do not need to install anything

<sub>*This page is: Copyright © 2025 MariaDB. All rights reserved.*</sub>

{% @marketo/form formid="4316" formId="4316" %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://mariadb.com/docs/release-notes/enterprise-server/about/sbom.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.