# libmongocrypt SSDLC Compliance Report

## Release Creator

See [C/CXX Release Info](https://docs.google.com/spreadsheets/d/1yHfGmDnbA5-Qt8FX4tKWC5xk9AhzYZx1SKF4AD36ecY/edit?usp=sharing) (internal).

## Process Document

Not available. <!-- DRIVERS-2892: replace with link to public-facing document once available. -->

## Tool used to track third party vulnerabilities

Silk and Snyk.

## Third-Party Dependency Information

See `cyclonedx.augmented.sbom.json` attached to release.

## Static Analysis Findings

See [SSDLC Static Analysis Reports](https://drive.google.com/drive/folders/17bjBnQ3mhEXvs6IK1rrTphJr0CUO2qZh?usp=sharing) (internal) for release-specific reports.

## Security Testing Report

See [libmongocrypt Security Testing Summary](https://docs.google.com/document/d/1dc7uvBzu3okAIsA8LSW5sVQGkYIvwpBVdg5v4wb4c4s?usp=sharing) (internal). Available as needed from the libmongocrypt team.

## Security Assessment Report

Not applicable to libmongocrypt.

## Signature Information

Signatures for Windows binaries are attached to this release and may be verified with `gpg`. The public key for `libmongocrypt` is available on https://pgp.mongodb.com/.

## Known Vulnerabilities

Any vulnerabilities that may be shown in the links referenced above have been reviewed and accepted by the appropriate approvers. For detailed information, see `third_party_vulnerabilities.md` attached to release.