Software Bill of Materials (SBOM)

This page presents the Software Bill of Materials (SBOM) for Karafka and its runtime dependencies. An SBOM is a comprehensive inventory that details the components, libraries, and software packages utilized in a software product. It plays a crucial role in understanding the software's composition, enhancing transparency, and bolstering security by identifying potential vulnerabilities.

This page exists because of our commitment to security, compliance, and transparency. It serves as a resource for users and developers to understand the external dependencies that Karafka relies on during operation.

Runtime Dependencies in the Karafka SBOM

This SBOM explicitly contains only the Karafka ecosystem's runtime dependencies. This document does not include development and test dependencies, which are crucial during the build and testing phases but are not required for the software's operation.

License Variability in OSS Dependencies

Please be aware that the license status of the dependencies within the Karafka ecosystem may change over time due to the dynamic nature of open-source software (OSS) and dependency management. While we strive to keep this SBOM as accurate and up-to-date as possible, it represents a best-effort snapshot. For those seeking to construct a comprehensive and current SBOM for their projects, incorporating all dependencies accurately, we recommend utilizing tools such as Mend.io. Mend.io can help automate the creation of a detailed SBOM, ensuring it reflects the complete state of your target software, including any license changes in its dependencies.

karafka + subcomponents

| Software | Version | License | Copyrights |
|---|---|---|---|
| karafka | 2.0+ (without Pro enhancements) | LGPL-3.0-only | Maciej Mensfeld |
| karafka pro | 2.0+ (Pro enhancements) | Commercial | Maciej Mensfeld |
| karafka-core | 2.0+ | MIT | Maciej Mensfeld |
| waterdrop | All | MIT | Maciej Mensfeld |
| zeitwerk | All | MIT | Xavier Noria |
| karafka-web | All (without Pro enhancements) | LGPL-3.0-only | Maciej Mensfeld |
| karafka-web pro | All (Pro enhancements) | Commercial | Maciej Mensfeld |
| e-ruby | All | MIT | Jeremy Evans |
| roda | All | MIT | Jeremy Evans |
| tilt | All | MIT | Jeremy Evans |
| bootstrap | 5.2.3 | MIT | Twitter, Inc. |
| air datepicker | 3.4.0 | MIT | Timofey Marochkin |
| highlight.js + embedded themes | 11.7.0 | BSD-3-Clause | Ivan Sagalaev |
| chart.js | 4.1.1 | MIT | Chart.js Contributors |
| color | 0.3.0 | MIT | Jukka Kurkela |
| timeago.js | 4.0.2 | MIT | Hust.cc |

rdkafka-ruby + subcomponents

| Software | Version | License | Copyrights |
|---|---|---|---|
| rdkafka / rdkafka-ruby | All | MIT | Maciej Mensfeld + project contributors |
| ffi | All | BSD-3-Clause | Ruby FFI project contributors |
| mini_portile2 | All | MIT | Luis Lavena and Mike Dalessio |
| rake | All | MIT | Jim Weirich |

librdkafka + subcomponents

| Software | Version | License | Copyrights |
|---|---|---|---|
| librdkafka | 2.3.0 | BSD-2-Clause | Confluent Inc. |
| cJSON | 1.7.14 | MIT | Dave Gamble and cJSON contributors |
| crc32c | 1.1 | Zlib | Mark Adler |
| rdfnv1a | N/A | Public Domain | Landon Curt Noll |
| rdhdrhistogram | N/A | MIT | Coda Hale |
| murmur2 | N/A | Public Domain | Austin Appleby |
| pycrc / rdcrc32 | 0.7.10 | MIT | Thomas Pircher |
| queue | 8.5 | BSD | The Regents of the University of California |
| regexp | N/A | Public Domain | Tor Andersson |
| snappy | 1.1.0 | BSD-3-Clause | Intel Corporation |
| tinycthread | 1.2 | Zlib | Evan Nemerson |
| wingetopt | N/A | ISC | The NetBSD Foundation |