Built on the Shoulders of Giants
ShadowCradle stands on a foundation of exceptional open source software. We believe in transparency, respect for contributors, and honest acknowledgment of the libraries that power our platform.
Our Commitment to Transparency
Full License Disclosure
Every open source library, component, and dependency used in ShadowCradle is catalogued with its license, version, and contribution details. No hidden licenses. No compliance surprises.
Public Compliance Repository
Our license compliance metadata, SBOM (Software Bill of Materials), and attribution records are maintained in a public git repository for full community access and audit.
Respect for Contributors
Open source developers make ShadowCradle possible. We recognize their efforts, maintain accurate attribution, and comply with every license requirement.
Security & Legal Compliance
We conduct regular license audits and security scanning on all dependencies. We understand and respect the terms of each license type: GPL, MIT, Apache, BSD, and more.
License Compliance & SBOM
Public Compliance Repository
All open source licensing information, dependency declarations, and Software Bill of Materials (SBOM) for ShadowCradle are maintained in our public compliance repository. This includes:
- Complete list of dependencies with versions
- License type for each component (GPL, MIT, Apache 2.0, BSD, etc.)
- Attribution and contributor information
- License compatibility analysis
- Security vulnerability tracking
- Update and patch status
What You'll Find
Docker Images & Manual Compilation
Pre-Built Docker Images
We provide Docker images for critical open source components used in ShadowCradle's architecture. These enable you to build and verify component integrity independently.
- →Pre-configured build environments
- →Reproducible compilation from source
- →Inspect and verify all dependencies
- →Available on request via compliance repo
Manual Compilation
For organizations that prefer to compile all components from source, we maintain build instructions and Dockerfiles that allow complete transparency and reproducible builds.
- →Full source compatibility
- →Build from verified commits
- →Reproducible container images
- →Audit trail documentation
Source Code Audit Requests
Transparency Through Audit
We take security and compliance seriously. While ShadowCradle is not open source at this time, we understand that some organizations need to verify the security and quality of their backup infrastructure.
We offer a formal source code audit program for qualified organizations. Audit requests are reviewed seriously and can be granted under appropriate confidentiality agreements.
We commit to reviewing all audit requests within 90 days and providing a response.
Open Source Licenses We Comply With
We actively use and comply with all major open source licenses in our platform.
Submit an Audit Request
Organizations with security or compliance requirements can request access to ShadowCradle's source code for audit. All requests are evaluated and reviewed within 90 days. If approved, access will be granted under a formal agreement with strict controls.