Our security department requires that we supply a Software Bill of Materials (SBOM) for the Pega Platform and update it for every version of Pega that we deploy.
Where can I find this information?
Is there a mechanism to extract it from the software itself?
Hi @BILL DALEY:
I don’t think there is a way to extract all the Software used in the deployment. Also please note that it is specific to each deployment (for any additional software used other than Pega and its requirements).
With regards to Pega and its required components, I would suggest to look the below to understand the deployment architecture for Pega and its pre-requisites.
Understanding the Pega deployment architecture
Externalization of services in your deployment
Thanks,
Devan
@BILL DALEY
You can connect with your account executive on this matter.
I found out that there is a xxThirdPartyLicense.pdf file in each Pega deployment package where xx is the version number (i.e. 87ThirdPartyLicense.pdf, 88ThirdPartyLicense.pdf, 23ThirdPartyLicense.pdf, etc.) This appears to be the only place to get the SBOM information.