An SBOM (Software Bill of Materials) is a formal, machine-readable inventory of the software components and dependencies that make up a product, together with their hierarchical relationships to one another.
SBOMs can describe open source or proprietary software and can themselves be generally available (“open source”) or access-restricted (“closed source”). Each individual version of a component listed in an SBOM should be uniquely identifiable.
Benefits include reduced costs, reduced security risks, and reduced licensing and compliance risks. Use cases include improved software development, supply chain management, vulnerability management and asset management.
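As an added example (not code from the original page or from any SBOM tool), the checker below reads a small SBOM in the CycloneDX JSON layout and checks the properties the text calls for: every component version is uniquely identifiable, the dependency hierarchy resolves from the root application, and license information can be pulled out per component. The SBOM document, package names and versions are constructed for illustration; the checker itself uses only the Python standard library.

```python
"""Minimal SBOM checker over a constructed CycloneDX-style JSON document.
Added example, not the page's or any project's code."""
import json
from collections import defaultdict

# Constructed sample SBOM in the CycloneDX JSON layout; the application,
# package versions and dependency edges are illustrative, not a real project.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"bom-ref": "app", "name": "example-app",
                               "version": "1.0.0"}},
    "components": [
        {"bom-ref": "pkg:pypi/requests@2.31.0", "name": "requests",
         "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"bom-ref": "pkg:pypi/urllib3@2.0.7", "name": "urllib3",
         "version": "2.0.7", "purl": "pkg:pypi/urllib3@2.0.7",
         "licenses": [{"license": {"id": "MIT"}}]},
        # Deliberately unpinned: no version and no purl, so this entry cannot
        # be matched against vulnerability or license data.
        {"bom-ref": "certifi-unpinned", "name": "certifi"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["pkg:pypi/requests@2.31.0"]},
        {"ref": "pkg:pypi/requests@2.31.0",
         "dependsOn": ["pkg:pypi/urllib3@2.0.7", "certifi-unpinned"]},
    ],
})


def load_sbom(sbom_text):
    """Parse the document and index the root plus every component by bom-ref."""
    doc = json.loads(sbom_text)
    comps = {}
    root = doc.get("metadata", {}).get("component")
    if root:
        comps[root["bom-ref"]] = root
    for comp in doc.get("components", []):
        comps[comp["bom-ref"]] = comp
    return doc, comps


def find_unidentifiable(sbom_text):
    """bom-refs of components that lack a version or a package URL (purl).
    Without both, the component version is not uniquely identifiable."""
    doc, _ = load_sbom(sbom_text)
    return sorted(c["bom-ref"] for c in doc.get("components", [])
                  if not c.get("version") or not c.get("purl"))


def find_duplicate_refs(sbom_text):
    """bom-refs used more than once: two entries would collapse into one."""
    doc = json.loads(sbom_text)
    counts = defaultdict(int)
    for comp in doc.get("components", []):
        counts[comp["bom-ref"]] += 1
    return sorted(ref for ref, n in counts.items() if n > 1)


def dependency_depths(sbom_text):
    """Breadth-first walk of the dependency graph from the root component.
    Returns {bom-ref: depth}: direct dependencies are 1, theirs are 2, etc.
    A dependsOn edge to a bom-ref that is not listed as a component is an
    inventory gap and raises ValueError."""
    doc, comps = load_sbom(sbom_text)
    edges = {d["ref"]: d.get("dependsOn", []) for d in doc.get("dependencies", [])}
    root = doc["metadata"]["component"]["bom-ref"]
    depths = {root: 0}
    queue = [root]
    while queue:
        current = queue.pop(0)
        for dep in edges.get(current, []):
            if dep not in comps:
                raise ValueError(f"{current!r} depends on unlisted component {dep!r}")
            if dep not in depths:  # first visit is the shortest path
                depths[dep] = depths[current] + 1
                queue.append(dep)
    return depths


def license_ids(sbom_text):
    """{component name: sorted SPDX license ids}; empty list if none declared."""
    doc, _ = load_sbom(sbom_text)
    result = {}
    for comp in doc.get("components", []):
        ids = [entry.get("license", {}).get("id") for entry in comp.get("licenses", [])]
        result[comp["name"]] = sorted(i for i in ids if i)
    return result


if __name__ == "__main__":
    print("not uniquely identifiable:", find_unidentifiable(SAMPLE_SBOM))
    print("duplicate bom-refs:", find_duplicate_refs(SAMPLE_SBOM))
    print("dependency depths:", dependency_depths(SAMPLE_SBOM))
    print("licenses:", license_ids(SAMPLE_SBOM))
```

On the constructed input the unpinned `certifi` entry is reported as not uniquely identifiable, the hierarchy resolves to two levels below the application, and the license summary shows which components declare no license at all; those are exactly the gaps that turn into unmatched vulnerabilities and unreviewed licenses downstream.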