Software Bill of Materials

Complete transparency in our software supply chain. Our SBOM provides detailed information about all software components powering the DfenAI platform.

What is an SBOM?

A Software Bill of Materials (SBOM) is a comprehensive inventory of all software components, libraries, and dependencies that make up our platform. It provides transparency into our software supply chain and enables security teams to identify potential vulnerabilities.

Security

Quickly identify and respond to vulnerabilities in our dependencies.

Transparency

Complete visibility into the software components we use.

Compliance

Meet regulatory requirements and industry best practices.

Download SBOM Files

Our SBOMs are available in CycloneDX 1.4 format, the industry-standard SBOM specification from OWASP. Each SBOM includes comprehensive component metadata with Package URLs (PURL) for precise identification.

OWASP CycloneDX is specifically designed for security use cases and is widely supported by vulnerability scanning tools, supply chain security platforms, and compliance frameworks.

Backend API

Express.js, PostgreSQL, Redis, BullMQ, and security libraries

CycloneDX 1.4
61 Components
Download Backend SBOM

Frontend Application

Next.js, React, Tailwind CSS, and UI libraries

CycloneDX 1.4
42 Components
Download Frontend SBOM

SBOM Format Details

Format: CycloneDX JSON
Spec Version: 1.4
Component Type: Application + Libraries
Identifiers: Package URLs (PURL)
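To show what a consumer of these files actually does with a CycloneDX 1.4 JSON document, here is an added example (not DfenAI's code, and the embedded SBOM is constructed for illustration, not one of the downloadable files above). It checks the document's top-level shape (`bomFormat`, `specVersion`, `components`), counts component types so the "Application + Libraries" claim can be verified, extracts the Package URL of each component and splits it into its parts, flags components that lack a PURL (and therefore cannot be matched precisely against vulnerability databases), and collects SPDX license ids so a license policy can be checked against the inventory. The denied-prefix list in `find_disallowed_licenses` is an assumed, simplified prefix match on SPDX ids, not a complete copyleft classification.

```python
"""Read a CycloneDX 1.4 JSON SBOM and extract what a security review needs:
structural validity, component identifiers (Package URLs) and license ids.

Added example. SAMPLE_SBOM is a constructed document with made-up components;
it is not the DfenAI SBOM.
"""
import json
import re
from collections import Counter
from typing import Dict, List, Tuple
from urllib.parse import unquote

EXPECTED_SPEC_VERSION = "1.4"

# Constructed CycloneDX 1.4 JSON document used as sample input.
SAMPLE_SBOM = r'''{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "version": 1,
  "metadata": {
    "component": {"type": "application", "name": "example-backend", "version": "2.3.0"}
  },
  "components": [
    {"type": "library", "name": "express", "version": "4.19.2",
     "purl": "pkg:npm/express@4.19.2", "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "group": "@types", "name": "node", "version": "20.11.0",
     "purl": "pkg:npm/%40types/node@20.11.0", "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "some-lib", "version": "1.0.0",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"type": "library", "name": "other", "version": "0.9.1",
     "purl": "pkg:npm/other@0.9.1", "licenses": [{"expression": "(MIT OR Apache-2.0)"}]}
  ]
}'''


def validate_sbom(doc: dict) -> List[str]:
    """Return a list of structural problems; empty means the document is usable."""
    problems = []
    if doc.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat must be 'CycloneDX'")
    if doc.get("specVersion") != EXPECTED_SPEC_VERSION:
        problems.append(f"unexpected specVersion {doc.get('specVersion')!r}")
    if not isinstance(doc.get("components"), list):
        problems.append("components must be a list")
    return problems


def load_sbom(text: str) -> dict:
    """Parse JSON and refuse documents that fail the structural checks."""
    doc = json.loads(text)
    problems = validate_sbom(doc)
    if problems:
        raise ValueError("invalid SBOM: " + "; ".join(problems))
    return doc


def component_key(comp: dict) -> str:
    """Human-readable key: [group/]name@version."""
    name = f"{comp['group']}/{comp['name']}" if comp.get("group") else comp["name"]
    return f"{name}@{comp.get('version', '')}"


def component_types(doc: dict) -> Dict[str, int]:
    """Count component types, including the root component in metadata."""
    counts = Counter(c["type"] for c in doc["components"])
    root = doc.get("metadata", {}).get("component")
    if root:
        counts[root["type"]] += 1
    return dict(counts)


def component_purls(doc: dict) -> Dict[str, str]:
    """Map each component that carries a PURL to that PURL."""
    return {component_key(c): c["purl"] for c in doc["components"] if c.get("purl")}


def components_without_purl(doc: dict) -> List[str]:
    """Components that cannot be matched precisely against advisories."""
    return [component_key(c) for c in doc["components"] if not c.get("purl")]


def parse_purl(purl: str) -> Dict[str, str]:
    """Split pkg:type/namespace/name@version?qualifiers#subpath into parts.
    Namespace and name are percent-decoded (e.g. %40types -> @types)."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a Package URL: {purl!r}")
    rest, _, subpath = purl[len("pkg:"):].partition("#")
    rest, _, qualifiers = rest.partition("?")
    path, _, version = rest.partition("@")  # '@' inside names is encoded as %40
    parts = path.strip("/").split("/")
    return {"type": parts[0], "namespace": unquote("/".join(parts[1:-1])),
            "name": unquote(parts[-1]), "version": version,
            "qualifiers": qualifiers, "subpath": subpath}


def component_licenses(doc: dict) -> Dict[str, List[str]]:
    """Collect SPDX ids per component; expressions are split into their ids."""
    out: Dict[str, List[str]] = {}
    for c in doc["components"]:
        ids: List[str] = []
        for entry in c.get("licenses", []):
            if "license" in entry:
                ids.append(entry["license"].get("id") or entry["license"].get("name", "UNKNOWN"))
            elif "expression" in entry:
                ids.extend(t for t in re.findall(r"[A-Za-z0-9.+\-]+", entry["expression"])
                           if t not in {"AND", "OR", "WITH"})
        out[component_key(c)] = ids
    return out


def find_disallowed_licenses(doc: dict,
                             denied_prefixes: Tuple[str, ...] = ("GPL-", "AGPL-", "LGPL-")
                             ) -> List[Tuple[str, str]]:
    """Assumed policy check: flag SPDX ids starting with a denied prefix."""
    return [(key, lic) for key, ids in component_licenses(doc).items()
            for lic in ids if lic.startswith(denied_prefixes)]


if __name__ == "__main__":
    sbom = load_sbom(SAMPLE_SBOM)
    print("types:", component_types(sbom))
    print("missing PURL:", components_without_purl(sbom))
    print("license hits:", find_disallowed_licenses(sbom))
```

Run against a downloaded file by replacing `SAMPLE_SBOM` with the file contents; a non-empty result from `components_without_purl` is the first thing to fix, since those entries cannot be matched by PURL.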

Key Software Components

Backend Technologies

  • Node.js & Express.js - Web application framework
  • PostgreSQL - Primary database
  • Redis & BullMQ - Job queue and caching
  • Socket.IO - Real-time communication
  • Passport.js - Authentication framework

Frontend Technologies

  • Next.js 15 - React framework with App Router
  • React 19 - UI component library
  • Tailwind CSS - Utility-first CSS framework
  • Framer Motion - Animation library
  • Axios - HTTP client

Version Management & Updates

Regular Updates: Our SBOMs are regenerated with each major release and updated monthly.
Vulnerability Management: We continuously monitor dependencies for security vulnerabilities using automated scanning tools.
Update Frequency: Critical security patches are applied within 48 hours of disclosure.
Dependency Audits: Quarterly comprehensive audits of all dependencies and licenses.

License Compliance

All third-party software components used in DfenAI are distributed under open-source licenses. We primarily use:

MIT License: Most permissive license for maximum flexibility
Apache 2.0: Patent protection and contributor agreements
ISC & BSD: Simple permissive licenses

We do not use any AGPL, GPL, or other copyleft licenses that would require disclosure of our proprietary code.

Questions About Our SBOM?

For security inquiries, vulnerability reports, or questions about our software supply chain, please contact our security team.

Security Team: security@dfen.ai

Response Time: Within 48 hours for security matters

Last updated: October 2025