A complete inventory of every software component in Crawdad, as required by US Executive Order 14028 for government procurement.
An SBOM (Software Bill of Materials) lists every library, framework, and dependency used to build a piece of software — like a nutrition label for code. It lets security teams audit the supply chain and check for known vulnerabilities.
Crawdad sidecar SBOM: 247 components, CycloneDX 1.4 format, generated by cargo-cyclonedx.
Request sbom.json

| Property | Value |
|---|---|
| Language | Rust (memory-safe by default) |
| Unsafe blocks | Zero |
| Total components | 247 |
| SBOM format | CycloneDX 1.4 JSON |
| Generated by | cargo-cyclonedx v0.5.9 |

| Crate | Version | Purpose |
|---|---|---|
| axum | 0.7 | HTTP framework (proxy + security API) |
| tokio | 1 | Async runtime |
| reqwest | 0.12 | HTTP client (upstream forwarding) |
| serde / serde_json | 1 | JSON serialization |
| regex | 1 | Pattern detection (Layers 1-3) |
| ring | 0.17 | Ed25519 signatures, SHA-256 |
| sha2 | 0.10 | Content hashing for audit |
| rusqlite | 0.31 | Local audit database (bundled SQLite) |
| ml-kem | 0.2 | Post-quantum key exchange (ML-KEM-1024) |
| x25519-dalek | 2 | Forward secrecy key exchange |
| chrono | 0.4 | Timestamps |
| uuid | 1 | Unique identifiers |
| base64 | 0.22 | Encoding/decoding |
| tracing | 0.1 | Structured logging |
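
The audit described above can be automated once the SBOM file is in hand. The following is an added example, not Crawdad's own code: it checks a CycloneDX JSON document against the format, component count and a few crate versions stated on this page. The function names, the choice of crates to check and the embedded sample document are assumptions made for illustration.

```python
import json

# Claims copied from the page; crate versions there are prefixes ("0.7" covers 0.7.x).
CLAIMED = {"bomFormat": "CycloneDX", "specVersion": "1.4", "count": 247}
CLAIMED_CRATES = {"axum": "0.7", "tokio": "1", "ring": "0.17", "ml-kem": "0.2"}

def version_matches(prefix, version):
    """True when version equals prefix or extends it at a dot ("1" != "10.0.0")."""
    return version == prefix or version.startswith(prefix + ".")

def audit_sbom(doc, claimed=CLAIMED, crates=CLAIMED_CRATES):
    """Return discrepancies between a CycloneDX JSON document and the claims."""
    findings = []
    for key in ("bomFormat", "specVersion"):
        if doc.get(key) != claimed[key]:
            findings.append(f"{key} is {doc.get(key)!r}, expected {claimed[key]!r}")
    components = doc.get("components", [])
    if len(components) != claimed["count"]:
        findings.append(f"{len(components)} components, expected {claimed['count']}")
    versions = {}
    for comp in components:
        versions.setdefault(comp.get("name"), []).append(comp.get("version", ""))
        if not comp.get("purl"):  # purl is commonly the key for advisory lookups
            findings.append(f"{comp.get('name')}: no purl")
    for name, prefix in crates.items():
        found = versions.get(name)
        if not found:
            findings.append(f"{name}: claimed but absent from SBOM")
        elif not any(version_matches(prefix, v) for v in found):
            findings.append(f"{name}: SBOM has {found}, expected {prefix}.x")
    return findings

# Constructed sample, not Crawdad's real sbom.json.
SAMPLE = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "axum", "version": "0.7.5", "purl": "pkg:cargo/axum@0.7.5"},
    {"type": "library", "name": "tokio", "version": "1.37.0", "purl": "pkg:cargo/tokio@1.37.0"},
    {"type": "library", "name": "ring", "version": "0.16.20", "purl": "pkg:cargo/ring@0.16.20"},
    {"type": "library", "name": "serde", "version": "1.0.200"}
  ]}""")

if __name__ == "__main__":
    for finding in audit_sbom(SAMPLE):
        print("MISMATCH:", finding)
```

An empty result means the document agrees with the published claims; it says nothing about whether the listed versions carry known vulnerabilities, which needs a separate advisory lookup.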