Software Bill of Materials (SBOM)
A Software Bill of Materials (SBOM) is a detailed, machine-readable inventory of all components, libraries, and dependencies that make up a piece of software, including each component's name, version, and supplier. Think of it as an ingredients list for software: it tells you exactly what is inside, including the third-party and open-source components your developers pulled in, and the components those components pulled in. The two widely used formats are SPDX and CycloneDX; both identify components with stable identifiers such as package URLs (purls) so that entries can be matched against vulnerability advisories.
SBOMs are increasingly important for software supply chain security. When a vulnerability is discovered in a widely used library (like the Log4j vulnerability in 2021, CVE-2021-44228), having an SBOM lets you quickly determine whether, and where, your software is affected by matching the advisory's affected component and version range against the inventory instead of auditing every build by hand. Executive Order 14028 (2021) directed federal agencies to require SBOMs from vendors of software sold to the federal government.
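The following is an added example, not code from the original page: it walks a CycloneDX JSON SBOM, parses each component's purl, and matches it against an advisory that gives an affected version range. The SBOM is constructed for illustration, and the advisory entry is a simplified model of the Log4j 2021 advisory (CVE-2021-44228 in log4j-core from 2.0-beta9 before 2.15.0); real advisories also carry exclusions and further fixed releases, and the version ordering here is a simplification of Maven's rules.

```python
"""Match a CycloneDX SBOM against a list of affected component ranges."""
import json

# Constructed CycloneDX 1.4 SBOM for illustration (not from a real build).
# It includes a nested component to show that nesting must be traversed.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        {"type": "library", "name": "log4j-api", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1"},
        {"type": "library", "name": "jackson-databind", "version": "2.13.0",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.0",
         "components": [
             {"type": "library", "name": "log4j-core", "version": "2.17.1",
              "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
         ]},
    ],
})

# Simplified advisory model (assumption): one affected range per entry,
# half-open [introduced, fixed). Real feeds carry exclusions and several ranges.
ADVISORIES = [
    {"id": "CVE-2021-44228", "type": "maven",
     "namespace": "org.apache.logging.log4j", "name": "log4j-core",
     "introduced": "2.0-beta9", "fixed": "2.15.0"},
]


def parse_purl(purl):
    """Split 'pkg:type/namespace/name@version?q#sub' into its parts."""
    if not purl.startswith("pkg:"):
        raise ValueError("not a purl: %r" % purl)
    body = purl[4:].split("?", 1)[0].split("#", 1)[0]  # drop qualifiers/subpath
    path, _, version = body.rpartition("@") if "@" in body else (body, "", "")
    ptype, _, rest = path.partition("/")
    namespace, _, name = rest.rpartition("/") if "/" in rest else ("", "", rest)
    return {"type": ptype, "namespace": namespace, "name": name,
            "version": version or None}


def version_key(version):
    """Sortable key: numeric parts, then pre-release sorts before release.
    Simplified ordering; Maven's full comparison has more cases."""
    main, _, pre = version.partition("-")
    nums = tuple(int(p) for p in main.split(".") if p.isdigit())
    nums = nums + (0,) * (3 - len(nums))  # pad so 2.0 == 2.0.0
    return (nums, 0 if pre else 1, pre)


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed."""
    return version_key(introduced) <= version_key(version) < version_key(fixed)


def iter_components(sbom):
    """Yield every component, including nested ones."""
    stack = list(sbom.get("components", []))
    while stack:
        comp = stack.pop()
        yield comp
        stack.extend(comp.get("components", []))


def find_affected(sbom_text, advisories):
    """Return [{'purl', 'id'}] for every SBOM component inside an affected range."""
    sbom = json.loads(sbom_text)
    hits = []
    for comp in iter_components(sbom):
        purl = comp.get("purl")
        if not purl:
            continue  # components without an identifier cannot be matched
        parts = parse_purl(purl)
        if parts["version"] is None:
            continue
        for adv in advisories:
            same_pkg = (parts["type"] == adv["type"]
                        and parts["namespace"] == adv["namespace"]
                        and parts["name"] == adv["name"])
            if same_pkg and is_affected(parts["version"],
                                        adv["introduced"], adv["fixed"]):
                hits.append({"purl": purl, "id": adv["id"]})
    return sorted(hits, key=lambda h: h["purl"])


if __name__ == "__main__":
    for hit in find_affected(SAMPLE_SBOM, ADVISORIES):
        print(hit["id"], hit["purl"])
```

Two things this exercises that a hand audit tends to miss: the nested log4j-core 2.17.1 is visited but correctly not flagged, and log4j-api shares a namespace and version with the vulnerable artifact yet is not matched because the advisory names log4j-core specifically. A component with no purl silently falls through, which is why an SBOM is only as useful as the identifiers it carries.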
Why It Matters
If you deliver software to the DoD, SBOM requirements are becoming standard. Maintaining accurate SBOMs demonstrates software supply chain transparency and enables rapid response when component vulnerabilities are discovered. Accuracy is the operative word: an SBOM is only useful if it is generated from the actual build artifacts rather than maintained by hand, regenerated for every release, and populated with identifiers (such as purls) precise enough to be matched against advisories.