
Software Bill of Materials

DsExcel Java provides a Software Bill of Materials (SBOM) to help customers review the software components included in the product. An SBOM improves software supply chain transparency by listing the libraries and dependencies used in a specific product release.

You can use the SBOM to support internal security reviews, license compliance checks, and other software governance requirements.

SBOM Format

The SBOM for DsExcel Java is provided in CycloneDX format.

The current SBOM information includes the following product metadata:

  • Product: DsExcel Java

  • Group ID: com.mescius.documents

  • Artifact ID: dsexcel

  • Version: Aligned with the latest official release

  • SBOM format: CycloneDX 1.6

  • SBOM generator: cyclonedx-gradle-plugin 3.2.3

What the SBOM Includes

The SBOM for DsExcel Java includes information about the components used in the product release, such as:

  • Product package name and version

  • Third-party dependencies

  • Transitive dependencies

  • Open-source components

  • License information, when available

  • Package identifiers and versions

  • Hash values for included components

  • Known vulnerability references, when available

This information can help you identify the components included in a release and review their licensing and security status.
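The following is an added example, not MESCIUS code: a short review pass over a CycloneDX SBOM that flags components with no declared license, components with no strong hash, and components referenced by a vulnerability entry. It assumes the SBOM is delivered in CycloneDX's JSON serialization; the `org.example` components, the version string and the `EXAMPLE-0001` identifier are constructed sample data, and `review_sbom` and `license_names` are hypothetical helper names.

```python
import json

# Constructed sample in CycloneDX 1.6 JSON. Everything under "components" and
# "vulnerabilities" is placeholder data, not the real DsExcel Java dependency list.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.6",
    "metadata": {"component": {"group": "com.mescius.documents", "name": "dsexcel",
                               "version": "0.0.0-placeholder"}},
    "components": [
        {"bom-ref": "a", "group": "org.example", "name": "xml-lib", "version": "1.2.3",
         "purl": "pkg:maven/org.example/xml-lib@1.2.3",
         "hashes": [{"alg": "SHA-256", "content": "00" * 32}],
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"bom-ref": "b", "group": "org.example", "name": "imaging-lib", "version": "4.5",
         "purl": "pkg:maven/org.example/imaging-lib@4.5",
         "licenses": [{"expression": "MIT OR Apache-2.0"}]},
        {"bom-ref": "c", "group": "org.example", "name": "cli-lib", "version": "0.9",
         "hashes": [{"alg": "MD5", "content": "00" * 16}]},
    ],
    "vulnerabilities": [{"id": "EXAMPLE-0001", "affects": [{"ref": "b"}]}],
})

# Hash algorithm names from the CycloneDX enum that are acceptable for integrity checks.
STRONG_HASHES = {"SHA-256", "SHA-384", "SHA-512", "SHA3-256", "SHA3-384", "SHA3-512"}

def license_names(component):
    """Return the SPDX ids, names or expressions declared for one component."""
    found = [e.get("expression") or e.get("license", {}).get("id")
             or e.get("license", {}).get("name") for e in component.get("licenses", [])]
    return [n for n in found if n]

def review_sbom(text):
    """Summarise what a reviewer must follow up on (top-level components only)."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    affected = {}  # bom-ref -> vulnerability ids; the section is optional in an SBOM
    for vuln in bom.get("vulnerabilities", []):
        for target in vuln.get("affects", []):
            affected.setdefault(target.get("ref"), []).append(vuln.get("id"))
    report = {"spec": bom.get("specVersion"), "no_license": [], "no_strong_hash": [], "vulnerable": {}}
    for comp in bom.get("components", []):
        label = comp.get("purl") or f'{comp.get("group", "")}:{comp.get("name")}@{comp.get("version")}'
        if not license_names(comp):
            report["no_license"].append(label)
        if not any(h.get("alg") in STRONG_HASHES for h in comp.get("hashes", [])):
            report["no_strong_hash"].append(label)
        if comp.get("bom-ref") in affected:
            report["vulnerable"][label] = affected[comp["bom-ref"]]
    return report
```

An empty `vulnerable` result only means the SBOM carried no vulnerability references at generation time; the component list still needs to be checked against current security databases.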

Component Categories

The SBOM for DsExcel Java can include components from the following categories:

  • DsExcel Java product packages

  • Third-party open-source libraries

  • Transitive Maven dependencies

  • Supporting libraries used for XML processing, imaging, command-line processing, and other runtime features

For example, the SBOM may include supporting libraries such as XML processors, imaging libraries, and other third-party components required by the product.

Obtain an SBOM

The SBOM for DsExcel Java is available upon request.

To obtain the SBOM for a specific DsExcel Java release, please contact MESCIUS Support.

Notes:

  • The SBOM is generated for a specific product release.

  • The complete dependency list is provided in the SBOM file.

  • Vulnerability information may change over time and should be validated against current security databases when needed.