An SBOM is a nested inventory, a list of ingredients that make up software components. The SBOM work has advanced since 2018 as a collaborative community effort,
A “software bill of materials” (SBOM) has emerged as a key building block in software security and software supply chain risk management.
An SBOM is a comprehensive list of all the software components, dependencies, and metadata associated with an application. The SBOM functions as the inventory of all the building blocks that make up a software product. With it, organizations can better understand, manage, and secure their applications.
An SBOM enables organizations to identify and track all third-party components, in particular open source components, and to comply with licensing requirements. It also helps ensure that the organization does not run vulnerable open source components and keeps track of critical updates and patches.
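As an added example, not code from the original page, the two uses just described (vulnerability tracking and license compliance) run over a small SBOM in CycloneDX JSON layout. The component names, versions, advisory ids and the approved-license list are all constructed for the example, and version ordering is simplified to dotted numeric versions.

```python
import json

# Constructed SBOM in CycloneDX JSON layout (component names and versions are made up).
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "acme-logger", "version": "2.14.1",
     "purl": "pkg:maven/com.example/acme-logger@2.14.1",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "acme-padder", "version": "1.3.0",
     "purl": "pkg:npm/acme-padder@1.3.0",
     "licenses": [{"license": {"id": "WTFPL"}}]},
    {"type": "library", "name": "acme-http", "version": "2.31.0",
     "purl": "pkg:pypi/acme-http@2.31.0",
     "licenses": [{"license": {"id": "MIT"}}]}
  ]}"""

# Constructed advisory feed with placeholder ids: every version below fixed_in is affected.
ADVISORIES = [
    {"id": "ADVISORY-PLACEHOLDER-1", "purl": "pkg:maven/com.example/acme-logger", "fixed_in": "2.15.0"},
    {"id": "ADVISORY-PLACEHOLDER-2", "purl": "pkg:pypi/acme-http", "fixed_in": "2.20.0"},
]
APPROVED_LICENSES = {"Apache-2.0", "MIT", "BSD-3-Clause"}  # assumed organisational policy


def parse_version(v):
    """Dotted numeric versions only (assumption); real feeds need ecosystem-aware ordering."""
    return tuple(int(part) for part in v.split("."))


def purl_without_version(purl):
    """pkg:type/namespace/name@version -> pkg:type/namespace/name."""
    return purl.split("@", 1)[0]


def audit(sbom_json, advisories, approved):
    """Return (component, kind, detail) for each vulnerable or unapproved-license component."""
    findings = []
    for comp in json.loads(sbom_json).get("components", []):
        base = purl_without_version(comp["purl"])
        for adv in advisories:
            if adv["purl"] == base and parse_version(comp["version"]) < parse_version(adv["fixed_in"]):
                findings.append((comp["name"], "vulnerable", f'{adv["id"]}: upgrade to {adv["fixed_in"]}'))
        # CycloneDX license entries may carry an SPDX id; anything else is treated as unknown.
        ids = {lic["license"]["id"] for lic in comp.get("licenses", []) if "id" in lic.get("license", {})}
        if not ids or not ids <= approved:
            findings.append((comp["name"], "license", ",".join(sorted(ids)) or "unknown"))
    return findings


if __name__ == "__main__":
    for name, kind, detail in audit(SBOM_JSON, ADVISORIES, APPROVED_LICENSES):
        print(f"{kind:11} {name}: {detail}")
```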