Air-Gapped Configuration
Deploy SBOM Observer in isolated networks without internet access.
This page covers air-gapped deployment of SBOM Observer for organizations operating in isolated networks without internet access.
Air-gapped deployment is essentially on-premise installation with the key difference that SBOM Observer cannot fetch vulnerability datasets directly from external sources, and your infrastructure has no outbound internet connectivity.
This deployment model suits organizations in highly regulated industries or with strict data residency requirements.
See Deployment Models to compare SaaS, on-premise, and air-gapped options.
Key Differences from On-Premise
| Aspect | On-Premise | Air-Gapped |
|---|---|---|
| Internet Access | Yes | No |
| External Calls | SBOM Observer fetches updates directly from external sources | SBOM Observer cannot make external calls |
| Vulnerability Data Updates | Automatic and direct | Periodic transfer through customer-controlled infrastructure |
| Update Method | Automated from SBOM Observer cloud | Customer-managed transfer process |
Prerequisites
All on-premise installation requirements apply, plus the following for air-gapped deployments:
- Data transfer method — A secure, approved process for retrieving vulnerability datasets from external sources and transferring them into your air-gapped environment (for example, via a controlled gateway, data diode, or encrypted media)
- Offline data management — Procedures for receiving, verifying, and importing updated datasets
- Verified network isolation — Confirmed network configuration ensuring no outbound internet access from SBOM Observer infrastructure
Air-gapped deployment requires planning and secure data-transfer procedures. Contact support for guidance on designing and validating your setup.
For complete setup instructions, including Docker Compose files and environment configuration, see the Customer License Portal. All air-gapped–specific deployment guidance is documented there.
Vulnerability Data Management
In an air-gapped environment, vulnerability datasets and security advisories are not updated automatically. Your organization is responsible for establishing a periodic data update process:
- Data retrieval - Your customer-controlled gateway server retrieves the latest vulnerability datasets from external sources
- Data transfer - Datasets are transferred to your air-gapped environment through your approved transfer mechanism
- Data import - Import procedures (provided in your License Portal) load the datasets into SBOM Observer
- Update scheduling - Establish an update cadence that meets your security and compliance requirements
Work with your network and infrastructure teams to implement a reliable and secure dataset update process.
Version Updates
SBOM Observer releases new versions periodically. Contact support for upgrade procedures in air-gapped environments.
Next Steps
- On-Premise Installation - For internet-connected deployments
- Deployment Concepts - Compare deployment options
- Support - Questions about air-gapped setup