v2.4.0 | Report Errata
docs development docs development

This artefact comprises the collection of SBOMs generated across the system’s lifecycle. Each SBOM captures the complete dependency inventory for a specific build, including ML-specific components.

The SBOM collection provides a dependency evolution history. When a supply chain vulnerability is disclosed, the organisation can search historical SBOMs to determine which deployed versions were affected and whether the vulnerability was present during periods when the system was processing personal data. This retrospective analysis capability supports incident response and regulatory reporting obligations.

Each SBOM is linked to the container image version it describes and to the deployment ledger entry that recorded the image’s deployment. The SBOM for the currently deployed version is the primary reference for Module 9’s cybersecurity documentation. Archived SBOMs are retained for the ten-year period.

Key outputs

  • SBOM collection across all builds
  • Linkage to container image versions and deployment ledger entries
  • Retrospective vulnerability search capability
  • Module 9 and Module 3 evidence
On This Page