DEFONEOS: SBOM Category Trend Analysis
This page provides a dynamic trend analysis of the Software Bill of Materials (SBOMs) across DEFONEOS MCP categories, highlighting shifts in component dependencies, risk profiles, and sovereign boundary adherence over time. This ensures continuous compliance and strategic oversight of the entire software supply chain.
SBOM Categorisation
Each of the 30 DEFONEOS MCPs is categorised based on its primary function and domain:
- Sensor MCPs: (10 total) - e.g., `sentinel-hub-mcp`, `openaq-air-mcp`.
- Defence MCPs: (8 total) - e.g., `free-tak-server-mcp`, `yolov8-isr-mcp`.
- Civil Service MCPs: (7 total) - e.g., `data-gov-uk-mcp`, `companies-house-mcp`.
- Compliance MCPs: (3 total) - e.g., `jsp936-compliance-mcp`, `iso27001-audit-mcp`.
- Core Infrastructure MCPs: (2 total) - e.g., `sigil-chain-mcp`, `bft-quorum-mcp`.
Trend Analysis: Key Metrics
The following metrics are continuously tracked to identify trends and potential vulnerabilities:
- Component Density: Changes in the number of open-source and proprietary components.
- Risk Profile Evolution: Shifts in overall CVSS scores and criticality assessments across categories.
- US-Dependency Scan: Longitudinal analysis of US-origin component dependencies across 7 vectors (CDN, Root CA, Cloud API, NTP, Telemetry, JS, Kinetic Patterns). Goal: 0 FAIL.
- SEAL-Eligibility: Tracking the progress of MCPs towards DEFONEOS-SEAL certification.
[ Placeholder for dynamic SBOM Category Trend Chart (e.g., using D3.js or Chart.js) ]
Showing: Component Count by Category over Time, US-Dependency Score, SEAL Progress.
Note: Dynamic chart data and rendering will be integrated in future iterations, drawing directly from the live SBOM registry.
Accessing Historical SBOM Data
For in-depth analysis, historical SBOM bundles for each MCP are available via the SBOM index:
curl -s https://www.csoai.org/defoneos-sbom-index.html