SBOM Registry & Supply Chain
Software Bill of Materials (SBOM) and ABS Core supply chain integrity.
SBOM Registry & Supply Chain Security
For organizations operating under strict critical infrastructure regulations and standards (e.g., US Executive Order 14028, the EU NIS2 Directive, ISO/IEC 27001), supply chain transparency is non-negotiable.
ABS Core provides cryptographically signed Software Bill of Materials (SBOMs) for every official release.
Automatic Generation (CycloneDX)
Our Continuous Integration (CI) pipeline treats SBOM generation as a "Zero Priority" (i.e., mandatory, highest-priority) artifact-generation step. For each build, a complete SBOM is generated in the CycloneDX format and then scanned for known vulnerabilities (e.g., with Grype or Trivy).
- Status: [OK] Implemented (via .github/workflows/sbom-security.yml).
- Automatic blocking: a merge into the release repository is rejected if any dependency introduces a vulnerability (CVE) rated Critical.
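The gate described above can be expressed as a small check over the scanner's output. Both Grype and Trivy can emit a CycloneDX document whose `vulnerabilities` array references components by bom-ref, and that is the shape parsed here. This is an added example, not the ABS Core workflow; the package names and finding IDs in the embedded sample are constructed placeholders, and the severity ranking and "warn on unrated findings" behaviour are this example's own choices.

```python
"""Policy gate over a CycloneDX JSON SBOM that carries scanner findings.

Added illustration; not ABS Core's workflow. Assumes the scanner wrote its
findings into the SBOM's `vulnerabilities` array (CycloneDX 1.4+), with each
finding rated via `ratings[].severity` and linked to components via
`affects[].ref`.
"""
import json
import sys

# CycloneDX severity vocabulary, ordered for comparison.
SEVERITY_RANK = {"unknown": 0, "none": 0, "info": 1, "low": 2,
                 "medium": 3, "high": 4, "critical": 5}

# Constructed sample, not a real scan: package names and IDs are placeholders.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"bom-ref": "pkg:npm/example-a@1.0.0", "name": "example-a",
         "version": "1.0.0", "purl": "pkg:npm/example-a@1.0.0"},
        {"bom-ref": "pkg:npm/example-b@2.3.4", "name": "example-b",
         "version": "2.3.4", "purl": "pkg:npm/example-b@2.3.4"},
    ],
    "vulnerabilities": [
        # Two scanners disagree on severity; the gate takes the worst one.
        {"id": "VULN-EXAMPLE-1",
         "ratings": [{"severity": "high", "method": "CVSSv31", "score": 7.5},
                     {"severity": "critical", "method": "CVSSv2", "score": 9.8}],
         "affects": [{"ref": "pkg:npm/example-a@1.0.0"}]},
        {"id": "VULN-EXAMPLE-2",
         "ratings": [{"severity": "medium"}],
         "affects": [{"ref": "pkg:npm/example-b@2.3.4"}]},
        # No rating at all: must not silently pass.
        {"id": "VULN-EXAMPLE-3",
         "ratings": [],
         "affects": [{"ref": "pkg:npm/example-b@2.3.4"}]},
    ],
})


def worst_severity(vuln):
    """Highest severity among a finding's ratings; 'unknown' if none is rated."""
    sevs = [r.get("severity", "unknown").lower() for r in vuln.get("ratings", [])]
    return max(sevs, key=lambda s: SEVERITY_RANK.get(s, 0), default="unknown")


def evaluate(sbom_text, threshold="critical"):
    """Return (blocking, unrated).

    blocking: [(id, severity, [component names])] at or above `threshold`.
    unrated:  [(id, [component names])] with no usable severity, surfaced
              so a human decides rather than the gate ignoring them.
    """
    sbom = json.loads(sbom_text)
    components = {c.get("bom-ref"): c for c in sbom.get("components", [])}
    blocking, unrated = [], []
    for v in sbom.get("vulnerabilities", []):
        sev = worst_severity(v)
        refs = [a.get("ref") for a in v.get("affects", [])]
        names = [components.get(r, {}).get("name", r) for r in refs]
        if sev == "unknown":
            unrated.append((v.get("id"), names))
        elif SEVERITY_RANK[sev] >= SEVERITY_RANK[threshold]:
            blocking.append((v.get("id"), sev, names))
    return blocking, unrated


def gate(sbom_text, threshold="critical"):
    """CI exit code: 0 = merge allowed, 1 = at least one blocking finding."""
    blocking, unrated = evaluate(sbom_text, threshold)
    for vid, sev, names in blocking:
        print(f"BLOCK {vid} ({sev}) affects {', '.join(names)}")
    for vid, names in unrated:
        print(f"WARN  {vid} has no severity rating; affects {', '.join(names)}")
    return 1 if blocking else 0


if __name__ == "__main__":
    # Usage: python gate.py scan.cdx.json [threshold]; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SBOM
    sys.exit(gate(text, sys.argv[2] if len(sys.argv) > 2 else "critical"))
```

Taking the worst of several ratings matters in practice: the same CVE often carries both a CVSS v2 and a v3 score, and a gate that reads only the first entry can be bypassed by scanner ordering. Findings with no rating are reported but not blocked here; a stricter policy would block them too.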
Accessing the SBOM (Enterprise & Defense)
The SBOM is not published on the public site, so as not to hand malicious actors a ready-made inventory of the dependency versions in use.
Vendor Risk Management (VRM) committees can request the current SBOM, together with the release's cryptographic hash, through the ABS Benchmark Suite program:
- Signing of the institutional NDA.
- Transfer of abscore-sbom-v4.3.3.json (CycloneDX format).
- Internal audit (client's SIEM/vulnerability scanner) for procurement approval.
[!TIP] In restricted environments, we recommend verifying the hash of the npm package tarball against the hash recorded for that component in the SBOM before the package is moved into the air-gapped environment.
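One way to perform that pre-transfer check, as an added example rather than ABS Core tooling: CycloneDX records a component's digests under `hashes` (`alg` plus hex `content`), while npm's own `package-lock.json` stores the same digest in SRI form (`sha512-<base64>`), so the script accepts both. The package name, version and tarball bytes below are constructed for the example, and the rule that every recorded hash must match (and at least one must exist) is this example's own policy.

```python
"""Verify a locally held npm tarball against the digest recorded for it in a
CycloneDX SBOM before it crosses into an air-gapped environment.

Added illustration, not ABS Core tooling. Assumes the SBOM lists the package
as a component with a `purl` and a `hashes` array; sample data is constructed.
"""
import base64
import hashlib
import json
import sys

# CycloneDX hash algorithm names -> hashlib constructors.
ALGS = {"SHA-256": hashlib.sha256, "SHA-384": hashlib.sha384, "SHA-512": hashlib.sha512}

# Constructed stand-ins: not a real package, not a real tarball.
TARBALL = b"constructed stand-in for example-pkg-1.2.3.tgz"
PURL = "pkg:npm/example-pkg@1.2.3"
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [{
        "type": "library", "name": "example-pkg", "version": "1.2.3", "purl": PURL,
        "hashes": [{"alg": "SHA-512", "content": hashlib.sha512(TARBALL).hexdigest()}],
    }],
}
# The same digest as npm would write it into package-lock.json ("integrity").
SAMPLE_SRI = "sha512-" + base64.b64encode(hashlib.sha512(TARBALL).digest()).decode()


def sri_to_hex(sri):
    """Convert an npm SRI string ('sha512-<base64>') to (CycloneDX alg, hex digest)."""
    alg, b64 = sri.split("-", 1)
    return f"SHA-{alg[3:]}", base64.b64decode(b64).hex()


def file_digests(data):
    """Compute every supported digest of the tarball bytes once."""
    return {alg: fn(data).hexdigest() for alg, fn in ALGS.items()}


def find_component(sbom, purl):
    for c in sbom.get("components", []):
        if c.get("purl") == purl:
            return c
    return None


def verify_tarball(sbom, purl, data):
    """Return (ok, detail).

    ok is True only when the component exists, records at least one hash,
    uses only supported algorithms, and every recorded hash matches `data`.
    """
    comp = find_component(sbom, purl)
    if comp is None:
        return False, f"{purl} not present in SBOM"
    recorded = comp.get("hashes", [])
    if not recorded:
        return False, f"{purl} has no hashes in SBOM; cannot verify"
    actual = file_digests(data)
    for h in recorded:
        alg, expected = h.get("alg"), h.get("content", "").lower()
        if alg not in actual:
            return False, f"unsupported hash algorithm {alg} for {purl}"
        if actual[alg] != expected:
            return False, f"{alg} mismatch for {purl}: tarball does not match SBOM"
    return True, f"{purl}: {len(recorded)} recorded hash(es) match"


if __name__ == "__main__":
    # Usage: python verify.py sbom.json <purl> package.tgz  (defaults to sample)
    if len(sys.argv) == 4:
        with open(sys.argv[1]) as f:
            sbom = json.load(f)
        with open(sys.argv[3], "rb") as f:
            data = f.read()
        ok, detail = verify_tarball(sbom, sys.argv[2], data)
    else:
        ok, detail = verify_tarball(SAMPLE_SBOM, PURL, TARBALL)
    print(("OK   " if ok else "FAIL ") + detail)
    sys.exit(0 if ok else 1)
```

Run it against the tarball produced by `npm pack` (or the `.tgz` fetched from the registry) before copying that file onto removable media; a mismatch means the file is not the one the SBOM describes, whether through tampering, a CDN substitution, or simply the wrong version.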