SBOM (Software Bill of Materials)

An SBOM is a formal record of all components and dependencies used to build a software product.

What is an SBOM?

A Software Bill of Materials (SBOM) is a nested inventory listing all software components, libraries, and dependencies in an application, enabling vulnerability tracking and supply chain security.

SBOM Formats

The common machine-readable SBOM formats are SPDX, CycloneDX, and SWID tags.

Common Misconceptions

  • "SBOM is just a dependency list" - An SBOM is more structured and comprehensive than a flat dependency list: it is a nested inventory that records each component and how the components relate to one another.
  • "SBOM generation is one-time" - An SBOM describes one build; it must be regenerated whenever the software or its dependencies change.
  • "SBOM is optional" - SBOMs are increasingly required by regulations.
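As an added example covering the CycloneDX format above and the first two misconceptions (an SBOM is a component graph, not a flat list, and it has to be regenerated per build), the code below parses a constructed minimal CycloneDX 1.5 JSON document, answers "which dependency paths bring a given package into this application?", and reports which component versions changed between two SBOM generations. The document, component names, versions and purls are constructed sample data, not any real project's SBOM; this is not code from the original page.

```python
import json

# Constructed minimal CycloneDX 1.5 JSON document (sample data, not a real project).
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"type": "application", "name": "app", "bom-ref": "app"}},
  "components": [
    {"type": "library", "name": "webframework", "version": "2.1.0",
     "purl": "pkg:pypi/webframework@2.1.0", "bom-ref": "webframework"},
    {"type": "library", "name": "jsonlib", "version": "0.9.3",
     "purl": "pkg:pypi/jsonlib@0.9.3", "bom-ref": "jsonlib"},
    {"type": "library", "name": "tlsutil", "version": "1.4.2",
     "purl": "pkg:pypi/tlsutil@1.4.2", "bom-ref": "tlsutil"}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["webframework"]},
    {"ref": "webframework", "dependsOn": ["jsonlib", "tlsutil"]}
  ]
}"""

def load_sbom(text):
    """Parse a CycloneDX JSON document and reject anything that is not one."""
    sbom = json.loads(text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return sbom

def affected_paths(sbom, purl_name):
    """Every dependency path from the root application to a component whose
    purl (version stripped) equals purl_name, i.e. 'why is this package in my build?'.
    Matching on purl rather than display name is what lets an SBOM be
    cross-referenced against vulnerability advisories."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    purls = {c["bom-ref"]: c.get("purl", "") for c in sbom.get("components", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    found = []
    def walk(node, path):
        path = path + [node]
        if purls.get(node, "").split("@")[0] == purl_name:
            found.append(path)
        for child in graph.get(node, []):
            if child not in path:          # guard against dependency cycles
                walk(child, path)
    walk(root, [])
    return found

def changed_versions(old_sbom, new_sbom):
    """Components whose version differs between two SBOM generations (added,
    removed, or bumped); a non-empty result means the old SBOM is stale."""
    old = {c["name"]: c.get("version") for c in old_sbom["components"]}
    new = {c["name"]: c.get("version") for c in new_sbom["components"]}
    return {n: (old.get(n), new.get(n)) for n in old.keys() | new.keys()
            if old.get(n) != new.get(n)}
```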