SBOMs Are Becoming a Requirement — Apache Camel Already Ships and Supports Them
, by Claus IbsenIf your security or compliance team has started asking “does it ship with an SBOM?”, you are not alone. The EU Cyber Resilience Act (CRA) will require SBOM delivery for software sold in the EU, US Executive Order 14028 and NIST guidance make SBOMs a federal procurement expectation, and enterprise evaluation checklists increasingly treat SBOM availability as a gate. Apache Camel has shipped SBOMs with every release since 4.0.3 — long before these regulations finalized.