// HTTP4K ENTERPRISE EDITION

Production-grade peace of mind. Minus the enterprise theatre.

Long-term support, supply-chain security, priority help from the people who actually wrote the code, and every Pro module - one subscription for teams running http4k where it really counts.

// WHAT'S IN THE BOX

Six guarantees, one subscription.

Up to 24 months peace of mind

Guaranteed security and bug updates for the LTS stable release channel, allowing you to focus on feature delivery.

Access to priority support

The http4k team are here on Slack and Email to guide you through any issues or questions.

Source code access

Full access to the LTS editions of the http4k codebase for transparency and auditing.

License reporting

Signed, per-module license reports delivered with every artifact - ready for audit and regulatory review.

Supply chain security

SLSA Level 2 provenance, signed SBOMs, and cosign signatures for every artifact - compliance-ready out of the box.

Pro modules

A growing collection of commercially licensed, battle-tested modules built from real-world enterprise delivery.

// COMPLIANCE, HANDLED TODAY

Supply chain security is the whole point.

From September 2026, the EU Cyber Resilience Act requires verifiable provenance and machine-readable SBOMs for every component sold into Europe. US Executive Order 14028, NIST SSDF and PCI DSS 4.0 push in the same direction. http4k Enterprise Edition delivers it today.

SLSA Level 2 provenance

Tamper-evident build provenance on every artifact. SLSA L3 on request.

CycloneDX SBOMs

Machine-readable software bills of materials, signed.

Signed licence reports

Per-module licence compliance reports, audit-ready.

Cosign signatures

Cosign signatures with trusted Sigstore timestamps.

FrameworkStatusWhat http4k EE provides
EU Cyber Resilience ActMandatory from September 2026CycloneDX SBOMs, SLSA provenance, signed artifacts, vulnerability handling
US Executive Order 14028ActiveSBOM generation and supply chain attestation for federal procurement
NIST SSDF (PS.3 / PW.4)ActiveSecure development practices, provenance, third-party component verification
PCI DSS 4.0ActiveSupply chain integrity controls and verifiable artifact evidence for audit

http4k Verify - one line of build config validates signatures, SBOMs and provenance for every http4k dependency, automatically, before your code compiles.

Explore Verify →
Full technical detail →
// COMPARE EDITIONS

Same core. More assurance as you grow.

CommunityFree · Apache 2.0ProPer module / seatEnterpriseSubscription
Full open-source core
Supported http4k versionsv6v6v4, v5, v6
Minimum Java versionJava 21Java 21Java 8 (v4/5), 21 (v6)
Pro modules-A la carte✓ all
Supply chain & license provenance, Verify plugin--
Priority supportGitHub issuesGitHub issues✓ Slack, Email
Guaranteed support term--✓ up to 24 months
Source code accessPublicPublic✓ + private LTS
Get started →View Pro →Talk to us →
// LONG-TERM SUPPORT

A predictable LTS cadence, aligned to the JDK.

Major versions track the JDK's two-year LTS cycle. As each new Community major ships, the previous one rolls into a 24-month Enterprise LTS programme - so you upgrade on your schedule, not ours.

// THE FINE PRINT

Enterprise FAQ

How long are LTS versions of http4k EE available for?

As standard, the open source http4k CE of http4k releases major versions of the ecosystem on a delayed cadence which is aligned with major release dates of the JDK every 2 years. As a new major http4k CE version is released, the previous major version enters the http4k EE LTS programme for 2 years. See the schedule above for the current timeline.

How will my teams access the LTS binaries of http4k EE?

The LTS versions of http4k EE are hosted in the http4k Enterprise Repository at maven.http4k.org. To access these assets, you will need to sign up for the http4k Enterprise Subscription and will be supplied with the necessary credentials.

What types of updates are included within the http4k EE LTS offering?

LTS version of http4k EE receive security and high priority bug fixes for community identified bugs. This ensures that your applications remain secure and fully functional.

What type of support is available for http4k EE subscribers

After signup you will be given access to both email and Slack-based support channels. The http4k team is there to help you with any issues or questions you may have regarding the LTS version of http4k libraries.

Can I request specialised features for the http4k EE LTS versions?

For stability reasons, the LTS version of http4k is focused on security and bug fixes so new features are not considered for these versions. If you have a particular feature request, please get in touch to discuss it with the team. We will then prioritise it for inclusion in the mainline release or can work with you to provide a custom build.

Let's talk about your deployment.

Tell us about your stack and compliance needs and we'll tailor a subscription - including LTS timelines outside the standard schedule.

scarf