# SBOM

MariaDB publishes a Software Bill of Materials (SBOM) for each MariaDB Enterprise Server release. An SBOM lists the components that make up a build (libraries, packages, versions, licenses, and hashes); enabling customers to meet compliance requirements, perform vulnerability management, and understand supply chain risk.

## About

**Coverage:** Core MariaDB Enterprise Server binaries and packages for each supported platform/release

**Formats:** CycloneDX JSON (.json)

**Contents:** Component names & versions, suppliers, licenses, purls/CPEs (when available), cryptographic hashes, and dependencies

**Availability:** SBOM files are provided alongside each release’s download artifacts in the customer portal, or from the "Software Bill of Materials (SBOM)" link on the [Enterprise Server download page](https://mariadb.com/downloads/enterprise/)

**Updates:** A new SBOM is published for every release; compare SBOMs across versions to see component deltas

## **Recommended Uses**

* **Vulnerability management:** Import the SBOM into a scanner or platform to match against advisories (e.g., OSV/CVE feeds)
* **Compliance & audits:** Produce component/license reports and demonstrate software composition controls
* **Change analysis:** Diff SBOMs between versions to identify updated/deprecated components

## Viewing SBOM Files

The recommended viewer for the MariaDB SBOM files is the CycloneDX Web Tool (hosted by the CycloneDX project), which can be found at [https://cyclonedx.github.io/cyclonedx-web-tool](https://cyclonedx.github.io/cyclonedx-web-tool?utm_source=chatgpt.com)

Advantages of the CycloneDX Web Tool include:

* Our SBOM files are explicitly built for CycloneDX including upload/view functionality for both XML and JSON
* The CycloneDX Web Tool is maintained by the CycloneDX project so it aligns with the standard and will remain compatible
* The CycloneDX Web Tool works via browser so you do not need to install anything

<sub>*This page is: Copyright © 2025 MariaDB. All rights reserved.*</sub>

{% @marketo/form formid="4316" formId="4316" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://mariadb.com/docs/release-notes/enterprise-server/about/sbom.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.