Software Bill of Materials

Forward Enterprise publishes a Software Bill of Materials (SBOM) that lists all open-source components included in the platform. The SBOM is available at the well-known endpoint /.well-known/sbom and follows the CycloneDX 1.7 specification in JSON format.

Accessing the SBOM

The SBOM endpoint requires authentication. Any authenticated user can retrieve it:

GET https://<forward-instance>/.well-known/sbom

The response includes all open-source dependencies used by the platform, covering both server-side and client-side packages.

SBOM Contents

Each component entry in the SBOM includes:

Name and version of the dependency
License information with SPDX identifiers where available
Package URL (purl) for precise package identification
External references linking to the project homepage

Accessing the SBOM​

SBOM Contents​

Accessing the SBOM

SBOM Contents