
## **Purpose**  
This document outlines the direction Aspose needs to take as a software producer and consumer to enhance transparency and, more importantly, gain visibility into the security of our software supply chain. Aspose is assessing a rapidly evolving regulatory environment with references to SBOM requirements in numerous draft laws, U.S. and international executive orders, customer requests, and various community standards and specifications.

## **Why SBOMs are Important**

1. **Transparency as a Core Value**  
   Providing accurate details on software components—including lineage and vulnerability data—aligns with Aspose’s values and its commitment as an open-core company. SBOMs are crucial to achieving software transparency.

2. **Addressing Risks from Software Dependencies**  
   SBOMs from other companies and open-source projects enable Aspose to make quick, risk-based decisions, reducing the risk posed by unknown dependencies and vulnerabilities.

3. **Competitive Advantage**  
   As a leader in DevSecOps, Aspose is held to a higher standard and must lead in SBOMs from a product and customer trust perspective.

4. **Efficiency Through Standardization**  
   Using standard formats like CycloneDX and VEX helps streamline information flow, ensuring both Aspose and its customers can easily verify dependencies and the status of vulnerabilities.

5. **Regulatory Compliance**  
   While binding requirements are limited, SBOMs have been referenced in U.S. federal mandates, including an Executive Order, the National Cybersecurity Strategy, NIST standards, and draft legislation. Non-U.S. regulatory frameworks are following, with the regulatory landscape expected to evolve significantly.

### Aspose is working on the development of the Software Specification and plans to publish it in H2 2026.

You can download the Software Bill of Materials (SBOM) from the Compliance Report page in the popular formats like CycloneDX and SPDX for each product:

### .NET Products

Aspose.Total for .NET pending

Aspose.Words for .NET [Compliance Reports](https://releases.aspose.com/words/net/compliance-reports/)

Aspose.PDF for .NET [Compliance Reports](https://releases.aspose.com/pdf/net/compliance-reports/)

Aspose.Cells for .NET [Compliance Reports](https://releases.aspose.com/cells/net/compliance-reports/)

Aspose.Email for .NET [Compliance Reports](https://releases.aspose.com/email/net/compliance-reports/)

Aspose.Slides for .NET [Compliance Reports](https://releases.aspose.com/slides/net/compliance-reports/)

Aspose.Imaging for .NET [Compliance Reports](https://releases.aspose.com/imaging/net/compliance-reports/)

Aspose.BarCode for .NET [Compliance Reports](https://releases.aspose.com/barcode/net/compliance-reports/)

Aspose.Diagram for .NET [Compliance Reports](https://releases.aspose.com/diagram/net/compliance-reports/)

Aspose.Tasks for .NET [Compliance Reports](https://releases.aspose.com/tasks/net/compliance-reports/)

Aspose.OCR for .NET pending

Aspose.Note for .NET pending

Aspose.CAD for .NET pending

Aspose.3D for .NET [Compliance Reports](https://releases.aspose.com/3d/net/compliance-reports/)

Aspose.HTML for .NET [Compliance Reports](https://releases.aspose.com/html/net/compliance-reports/)

Aspose.GIS for .NET pending

Aspose.ZIP for .NET [Compliance Reports](https://releases.aspose.com/zip/net/compliance-reports/)

Aspose.Page for .NET [Compliance Reports](https://releases.aspose.com/page/net/compliance-reports/)

Aspose.PSD for .NET pending

Aspose.OMR for .NET pending

Aspose.PUB for .NET pending

Aspose.SVG for .NET [Compliance Reports](https://releases.aspose.com/svg/net/compliance-reports/) 

Aspose.Finance for .NET pending

Aspose.Drawing for .NET [Compliance Reports](https://releases.aspose.com/drawing/net/compliance-reports/) 

Aspose.Font for .NET [Compliance Reports](https://releases.aspose.com/font/net/compliance-reports/)

Aspose.TeX for .NET [Compliance Reports](https://releases.aspose.com/tex/net/compliance-reports/)

Aspose.LLM for .NET pending

Aspose.Medical for .NET pending 

 