This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-website.git


The following commit(s) were added to refs/heads/main by this push:
     new 0dc99e15 chore: add SBOM mentions to download and security pages
0dc99e15 is described below

commit 0dc99e15ad6a64c09306a0eb9aeae81dab2811ef
Author: Claus Ibsen <[email protected]>
AuthorDate: Mon Jun 22 20:16:59 2026 +0200

    chore: add SBOM mentions to download and security pages
    
    Co-Authored-By: Claude Opus 4.6 <[email protected]>
---
 content/download/_index.md | 7 +++++++
 content/security/_index.md | 6 ++++++
 2 files changed, 13 insertions(+)

diff --git a/content/download/_index.md b/content/download/_index.md
index d007e733..2714794b 100644
--- a/content/download/_index.md
+++ b/content/download/_index.md
@@ -16,6 +16,13 @@ Here you will only find the supported releases, older 
unsupported releases can b
 
 {{< downloads >}}
 
+## SBOMs
+
+Every release since 4.0.3 includes PGP-signed CycloneDX SBOMs (JSON and XML) 
listed alongside the source
+download above. These machine-readable inventories list every dependency in 
the release and can be fed into
+tools like [OWASP Dependency-Track](https://dependencytrack.org/) for 
automated vulnerability scanning.
+To generate an SBOM for your own Camel application, see the [Generating 
SBOMs](/manual/sbom.html) guide.
+
 ## Keys
 
 You can verify your download by following these 
[procedures](http://www.apache.org/info/verification.html) and using these 
[KEYS](https://www.apache.org/dist/camel/KEYS).
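Review bot: The new "## SBOMs" paragraph says the SBOMs are PGP-signed but gives no pointer to how a reader checks that signature before loading the file into a scanner. The "## Keys" section directly below already links the verification procedure and the KEYS file, so one more sentence in the SBOM paragraph would close the gap, for example "Verify the SBOM signature with the KEYS file as described under Keys below." Two smaller points in the same paragraph: "list every dependency in the release" is an absolute claim that is worth wording to match what the CycloneDX generation actually covers, and "listed alongside the source download above" depends on what the `{{< downloads >}}` shortcode renders, which this diff does not show, so check it on the built page.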
diff --git a/content/security/_index.md b/content/security/_index.md
index 29fb77d7..210e4d9e 100644
--- a/content/security/_index.md
+++ b/content/security/_index.md
@@ -20,6 +20,12 @@ The Camel subprojects — Camel Quarkus, Camel Spring Boot, 
Camel Karaf, Camel K
 Kafka Connector and Camel K — inherit the same trust model; report scope for 
them is governed
 by the same document unless a subproject publishes its own security model.
 
+## Software Bill of Materials (SBOM)
+
+Every Camel release since 4.0.3 ships with PGP-signed CycloneDX SBOMs that 
list all dependencies,
+enabling supply chain risk analysis alongside the CVE advisories below.
+See [Generating SBOMs](/manual/sbom.html) for details.
+
 ## Reporting new security problems with Apache Camel
 
 The Apache Software Foundation takes a very active stance in eliminating 
security problems.
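Review bot: In the new "## Software Bill of Materials (SBOM)" section, "See [Generating SBOMs](/manual/sbom.html) for details" sends the reader to a guide that the download page change in this same commit describes as being for generating an SBOM for your own Camel application, while the preceding sentence is about the SBOMs shipped with Camel releases. A reader arriving from the security page most likely wants the release SBOMs and how to verify their signature, so consider linking to the download page (where the files and KEYS are listed) in addition to, or instead of, the generation guide. The "since 4.0.3" statement now lives on both pages, so it may be worth keeping it in one place and linking to it from the other to avoid the two drifting apart.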