Security at EPPlus Software

EPPlus Software is committed to transparency and responsible handling of security vulnerabilities. This section provides an overview of our security practices, including software composition, vulnerability scanning, and source code analysis.

Software Bill of Materials (SBOM)

We publish a Software Bill of Materials for every EPPlus release, listing all third-party dependencies with versions, licenses and checksums. SBOMs are available in CycloneDX JSON format.
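As an added example (not EPPlus code, and not the contents of any real EPPlus SBOM), the following Python script shows how a consumer can check a CycloneDX JSON SBOM of the kind described above: list each component with its version and licenses, and verify the recorded checksums against locally held package bytes. The BOM document, the package names (DepA, DepB, DepC, DepD) and the artifact bytes are all constructed for illustration. DepB's bytes are deliberately altered so that a mismatch is reported, DepC carries only an MD5 digest to show that weak algorithms are not accepted as integrity evidence, and DepD has no hashes at all.

```python
"""Check a CycloneDX JSON SBOM: list components and verify their checksums.

Added example, not EPPlus code. The BOM below and the artifact bytes are
constructed; they do not describe any real package or release.
"""
import hashlib
import json

# Digest algorithms accepted as integrity evidence. CycloneDX also allows
# MD5 and SHA-1 in the "alg" field; those are reported but never trusted.
ACCEPTED_ALGS = {
    "SHA-256": hashlib.sha256,
    "SHA-384": hashlib.sha384,
    "SHA-512": hashlib.sha512,
}

# Constructed bytes standing in for downloaded packages, keyed by purl.
# DepB was altered after the SBOM was produced, so its digest will not match.
ARTIFACTS = {
    "pkg:nuget/DepA@2.3.1": b"constructed DepA 2.3.1 package bytes",
    "pkg:nuget/DepB@0.9.0": b"constructed DepB 0.9.0 package bytes (tampered)",
}

# Constructed CycloneDX 1.5 document with four hypothetical components.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {"component": {"type": "library", "name": "ExampleProduct", "version": "1.0.0"}},
    "components": [
        {"type": "library", "name": "DepA", "version": "2.3.1",
         "purl": "pkg:nuget/DepA@2.3.1",
         "licenses": [{"license": {"id": "MIT"}}],
         "hashes": [{"alg": "SHA-256",
                     "content": hashlib.sha256(b"constructed DepA 2.3.1 package bytes").hexdigest()}]},
        {"type": "library", "name": "DepB", "version": "0.9.0",
         "purl": "pkg:nuget/DepB@0.9.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}],
         # Digest recorded at SBOM time, before the bytes in ARTIFACTS were altered.
         "hashes": [{"alg": "SHA-256",
                     "content": hashlib.sha256(b"constructed DepB 0.9.0 package bytes").hexdigest()}]},
        {"type": "library", "name": "DepC", "version": "4.0.0",
         "purl": "pkg:nuget/DepC@4.0.0",
         "licenses": [{"license": {"id": "BSD-3-Clause"}}],
         # Placeholder MD5 value: too weak to serve as integrity evidence.
         "hashes": [{"alg": "MD5", "content": "0" * 32}]},
        {"type": "library", "name": "DepD", "version": "1.1.0",
         "purl": "pkg:nuget/DepD@1.1.0",
         "licenses": [{"license": {"id": "MIT"}}]},
    ],
})


def load_bom(text):
    """Parse a CycloneDX JSON document and reject anything that is not one."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX" or "specVersion" not in bom:
        raise ValueError("not a CycloneDX BOM")
    return bom


def component_id(comp):
    """Prefer the purl; fall back to name@version for components without one."""
    return comp.get("purl") or f"{comp.get('name')}@{comp.get('version')}"


def list_components(bom):
    """Return (id, version, [license ids]) for every component in the BOM."""
    rows = []
    for comp in bom.get("components", []):
        licenses = [lic["license"].get("id") or lic["license"].get("name")
                    for lic in comp.get("licenses", []) if "license" in lic]
        rows.append((component_id(comp), comp.get("version"), licenses))
    return rows


def verify_hashes(bom, artifacts):
    """Compare each component's recorded digests with the bytes we hold.

    Returns {component id: status}, where status is one of
    "ok", "mismatch", "missing-artifact", "no-hash" or "weak-hash-only".
    """
    results = {}
    for comp in bom.get("components", []):
        cid = component_id(comp)
        hashes = comp.get("hashes", [])
        usable = [h for h in hashes if h.get("alg") in ACCEPTED_ALGS]
        if not hashes:
            results[cid] = "no-hash"
            continue
        if not usable:
            results[cid] = "weak-hash-only"
            continue
        data = artifacts.get(cid)
        if data is None:
            results[cid] = "missing-artifact"
            continue
        # Every accepted digest must match; a single wrong digest is a failure.
        ok = all(ACCEPTED_ALGS[h["alg"]](data).hexdigest() == h["content"].lower()
                 for h in usable)
        results[cid] = "ok" if ok else "mismatch"
    return results


if __name__ == "__main__":
    bom = load_bom(SBOM_JSON)
    for cid, version, licenses in list_components(bom):
        print(f"{cid:28} {version:8} {', '.join(licenses)}")
    for cid, status in verify_hashes(bom, ARTIFACTS).items():
        print(f"{status:16} {cid}")
```

To run this against a real release, read the published SBOM file in place of SBOM_JSON and fill ARTIFACTS from the downloaded packages keyed by their purl; anything other than "ok" for a component should block the build until it is explained.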

Source Code Scanning

The EPPlus source code is analyzed with GitHub CodeQL on every push to our main branches; the scans look for potential security vulnerabilities and coding errors.

CodeQL