A Software Bill of Materials is the complete inventory of every component, library, and dependency that comprises a piece of software.
An SBOM is a formal, machine-readable record of every software component in a product. It lists names, versions, suppliers, licenses, and dependency relationships, providing a complete transparency layer into the software supply chain.
Modern software is assembled from hundreds of third-party components. Without an SBOM, organizations cannot identify vulnerable dependencies, verify license compliance, or trace the provenance of their entire software stack.
SBOMs are generated by build-time analysis tools that interrogate package manifests, binary metadata, and source repositories. Formats like CycloneDX, SPDX, and SWID provide standardized schemas for interchange and automated processing.
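The dependency relationships and component fields described above are what downstream tooling consumes once an SBOM exists. The following added example (not code from the original page or from any SBOM tool) loads a small CycloneDX 1.4 JSON document, resolves the transitive dependency set of the top-level component, reports components whose inventory data is incomplete, and matches components against an advisory list. The SBOM document, the component names, and the advisory identifiers are all constructed for illustration; the field names (`bomFormat`, `components`, `bom-ref`, `dependencies`, `dependsOn`, `licenses`, `supplier`) follow the CycloneDX JSON schema.

```python
"""Walk a CycloneDX 1.4 JSON SBOM: enumerate components, resolve transitive
dependencies, find inventory gaps, and match a (constructed) advisory list.
Added example; the SBOM and advisories below are constructed, not real."""
import json

# Constructed CycloneDX 1.4 SBOM: an application depending on two libraries,
# one of which pulls in a third. Names and versions are fictional.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "version": 1,
  "metadata": {
    "component": {"type": "application", "name": "acme-web", "version": "2.3.0",
                  "bom-ref": "pkg:pypi/acme-web@2.3.0"}
  },
  "components": [
    {"type": "library", "name": "netlib", "version": "4.1.0",
     "bom-ref": "pkg:pypi/netlib@4.1.0",
     "supplier": {"name": "Constructed Vendor"},
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "tlsutil", "version": "1.0.2",
     "bom-ref": "pkg:pypi/tlsutil@1.0.2",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "strpad", "version": "0.0.1",
     "bom-ref": "pkg:pypi/strpad@0.0.1"}
  ],
  "dependencies": [
    {"ref": "pkg:pypi/acme-web@2.3.0",
     "dependsOn": ["pkg:pypi/netlib@4.1.0", "pkg:pypi/strpad@0.0.1"]},
    {"ref": "pkg:pypi/netlib@4.1.0", "dependsOn": ["pkg:pypi/tlsutil@1.0.2"]},
    {"ref": "pkg:pypi/tlsutil@1.0.2", "dependsOn": []},
    {"ref": "pkg:pypi/strpad@0.0.1", "dependsOn": []}
  ]
}
"""

# Constructed advisory feed: (component name, affected version, advisory id).
# The ids are placeholders, not real CVE numbers.
ADVISORIES = [
    ("tlsutil", "1.0.2", "ADV-PLACEHOLDER-001"),
    ("netlib", "3.9.0", "ADV-PLACEHOLDER-002"),  # older version, should not match
]


def load_sbom(text):
    """Parse the JSON and reject anything that is not a CycloneDX document."""
    sbom = json.loads(text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return sbom


def components_by_ref(sbom):
    """Index every component (including the root in metadata) by its bom-ref."""
    index = {}
    root = sbom.get("metadata", {}).get("component")
    if root:
        index[root["bom-ref"]] = root
    for comp in sbom.get("components", []):
        index[comp["bom-ref"]] = comp
    return index


def _edges(sbom):
    return {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}


def transitive_dependencies(sbom, ref):
    """All bom-refs reachable from ref through the dependency graph (sorted)."""
    edges, seen, stack = _edges(sbom), set(), list(_edges(sbom).get(ref, []))
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        stack.extend(edges.get(current, []))
    return sorted(seen)


def dependency_path(sbom, start, target):
    """One chain of bom-refs from start to target (BFS), or [] if unreachable.
    Answers the triage question "why is this component in my build?"."""
    edges, queue, seen = _edges(sbom), [[start]], {start}
    while queue:
        path = queue.pop(0)
        if path[-1] == target:
            return path
        for nxt in edges.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return []


def inventory_gaps(sbom):
    """Components missing version, supplier, or license data: the fields an
    SBOM must carry for vulnerability and license review to be meaningful."""
    gaps = {}
    for ref, comp in components_by_ref(sbom).items():
        missing = [f for f in ("version", "supplier", "licenses") if not comp.get(f)]
        if missing:
            gaps[ref] = missing
    return gaps


def match_advisories(sbom, advisories):
    """Exact name+version matches between inventory and advisory list."""
    hits = []
    for ref, comp in components_by_ref(sbom).items():
        for name, version, adv_id in advisories:
            if comp.get("name") == name and comp.get("version") == version:
                hits.append((ref, adv_id))
    return sorted(hits)


if __name__ == "__main__":
    doc = load_sbom(SBOM_JSON)
    root_ref = doc["metadata"]["component"]["bom-ref"]
    print("transitive dependencies of", root_ref)
    for dep in transitive_dependencies(doc, root_ref):
        print("  ", dep)
    for ref, adv in match_advisories(doc, ADVISORIES):
        print(adv, "affects", " -> ".join(dependency_path(doc, root_ref, ref)))
    for ref, missing in inventory_gaps(doc).items():
        print("incomplete inventory:", ref, "missing", missing)
```

The advisory matching here is deliberately exact-match on name and version; a production check would compare package URLs (`purl`) and version ranges against a vulnerability database rather than a hand-written list. The `inventory_gaps` check is the part most often skipped: an SBOM whose components lack versions or suppliers cannot support either of the two uses the text names, vulnerability identification or license compliance.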
A digital dependency cathedral.