Skip to main content


An SBOM is a list of software used to create an application. By gathering a list of components, users can look at these components to determine if the software contains any known vulnerabilities. When a new vulnerability is discovered, software owners can check the SBOMs for their software to see if it impacts them.

Why are SBOMs important#

The generation of SBOMs was part of the Presidential Executive Order on May 12, 2021:

      (vii)   providing a purchaser a Software Bill of Materials (SBOM) for each product directly or by publishing it on a public website;     (viii)  participating in a vulnerability disclosure program that includes a reporting and disclosure process;

SBOM in the Developer Lifecycle#

SBOMs are most often created at the application build phase. When a build tool or dependency management tool gathers all dependencies/libraries, a tool writes logs each dependency and library in a common format.

Additional Material#