A “software bill of materials” (SBOM) has emerged as a key building block in software security and software supply chain risk management. An SBOM is a nested inventory, a list of ingredients that make up software components.

An SBOM is a way of tracking all the dependencies of a given piece of software. Software developers commonly reuse existing libraries, both for efficiency and for stability.
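As an added example (not from the original page), here is how the nested inventory in an SBOM can be read programmatically: a constructed CycloneDX 1.4 JSON document with made-up package names and versions, a walk of its dependency graph to recover transitive dependencies, and a check for listed components that are not reachable from the application.

```python
import json
from collections import deque

# Constructed CycloneDX 1.4 JSON SBOM for a fictional application; the
# package names and versions are made up for this example.
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {"component": {"bom-ref": "app@1.0.0", "type": "application",
                             "name": "example-app", "version": "1.0.0"}},
  "components": [
    {"bom-ref": "pkg:generic/net-client@2.3.1", "type": "library", "name": "net-client", "version": "2.3.1"},
    {"bom-ref": "pkg:generic/tls-core@1.8.0",   "type": "library", "name": "tls-core",   "version": "1.8.0"},
    {"bom-ref": "pkg:generic/ca-bundle@2023.1", "type": "library", "name": "ca-bundle", "version": "2023.1"},
    {"bom-ref": "pkg:generic/old-logger@0.9.0", "type": "library", "name": "old-logger", "version": "0.9.0"}
  ],
  "dependencies": [
    {"ref": "app@1.0.0", "dependsOn": ["pkg:generic/net-client@2.3.1"]},
    {"ref": "pkg:generic/net-client@2.3.1", "dependsOn": ["pkg:generic/tls-core@1.8.0"]},
    {"ref": "pkg:generic/tls-core@1.8.0", "dependsOn": ["pkg:generic/ca-bundle@2023.1"]}
  ]
}"""


def load_sbom(text: str) -> dict:
    """Parse a CycloneDX JSON document and index its dependency edges by bom-ref."""
    sbom = json.loads(text)
    sbom["_edges"] = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    return sbom


def transitive_dependencies(sbom: dict, root_ref: str) -> list[str]:
    """Walk the nested inventory from root_ref and return every reachable bom-ref
    in breadth-first order (direct dependencies first, then theirs)."""
    seen, order, queue = {root_ref}, [], deque([root_ref])
    while queue:
        for child in sbom["_edges"].get(queue.popleft(), []):
            if child not in seen:
                seen.add(child)
                order.append(child)
                queue.append(child)
    return order


def unreachable_components(sbom: dict) -> list[str]:
    """Components listed in the inventory but not connected to the application's
    dependency graph: a sign the SBOM is incomplete or carries stale entries."""
    root = sbom["metadata"]["component"]["bom-ref"]
    reachable = set(transitive_dependencies(sbom, root))
    return [c["bom-ref"] for c in sbom["components"] if c["bom-ref"] not in reachable]
```

Answering "does this software contain library X, and through which dependency?" is a matter of searching the returned list, which is the question an SBOM is meant to make answerable when a vulnerability is disclosed in a shared library.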
