SBOM (Software Bill of Materials)
Source: content/manual/06-glossary/supplychain/sbom.md
Definition
A machine-readable inventory of the components that make up a software artifact, including transitive dependencies, with each component's name, version, identifier (such as a package URL or hash) and license, so the artifact's contents can be matched against vulnerability and license data without rebuilding or reverse-engineering it.
Why it matters
Answers "what exactly did we ship?" from a document rather than from a rebuild: the inventory can be matched against advisories to find vulnerable dependencies, checked against license policy, and, during an incident such as a newly disclosed library flaw, used to locate every affected artifact and its owner quickly.
Common pitfalls
- Generating SBOMs as a build artifact but never acting on them: no CI gate fails a merge or release when the inventory shows a component with a critical advisory or a disallowed license, so the document exists for compliance and nobody reads it.
- Letting SBOMs go stale: an inventory produced once and not regenerated on every build no longer describes the artifact it is attached to, so matches against new advisories miss components that were added or upgraded since.
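The following is an added example of the gate the two pitfalls above call for; it is not code from this manual or from the CycloneDX project. It reads a CycloneDX JSON document, fails if `metadata.timestamp` is missing or older than a configurable age, fails if any component lacks a version (such a component cannot be matched against any advisory feed), and fails if any entry in the document's own `vulnerabilities` array is rated at a blocking severity. Field names follow the CycloneDX 1.4+ JSON schema; the embedded SBOM, the component names and the identifier `EXAMPLE-0001` are constructed for the example and do not refer to real packages or advisories.

```python
"""Gate a merge or release on a CycloneDX JSON SBOM.

Added example, not code from the manual or from the CycloneDX project.
Field names follow the CycloneDX 1.4+ JSON schema: metadata.timestamp,
components[].bom-ref / version, vulnerabilities[].ratings[].severity,
vulnerabilities[].affects[].ref. The sample SBOM is constructed.
"""
import json
import sys
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed sample SBOM (not a real project). One component carries a
# critical vulnerability entry, one component has no version at all.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {"timestamp": "2024-01-01T00:00:00Z"},
    "components": [
        {"type": "library", "bom-ref": "pkg:pypi/example-lib@1.2.3",
         "name": "example-lib", "version": "1.2.3",
         "purl": "pkg:pypi/example-lib@1.2.3"},
        {"type": "library", "bom-ref": "pkg:pypi/unpinned-lib",
         "name": "unpinned-lib"},
    ],
    "vulnerabilities": [
        {"id": "EXAMPLE-0001",  # constructed identifier, not a real CVE
         "ratings": [{"severity": "critical"}],
         "affects": [{"ref": "pkg:pypi/example-lib@1.2.3"}]},
    ],
})


@dataclass
class GateResult:
    passed: bool
    findings: list = field(default_factory=list)


def parse_timestamp(ts):
    """Parse a CycloneDX ISO 8601 timestamp; treat a missing zone as UTC."""
    parsed = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed


def load_sbom(path=None):
    """Load the SBOM at `path`, or the constructed sample when no path is given."""
    if path is None:
        return json.loads(SAMPLE_SBOM)
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def evaluate_sbom(sbom, now, max_age_days=30, fail_severities=frozenset({"critical"})):
    """Return a GateResult; passed is False when anything blocks the merge."""
    findings = []
    blocking = False

    # Stale SBOM: a missing or old timestamp means the inventory may not describe
    # the artifact under review, so it is not evidence and the gate fails.
    ts = sbom.get("metadata", {}).get("timestamp")
    if ts is None:
        findings.append("stale: metadata.timestamp missing")
        blocking = True
    elif now - parse_timestamp(ts) > timedelta(days=max_age_days):
        findings.append(f"stale: SBOM generated {ts}, older than {max_age_days} days")
        blocking = True

    # A component without a version cannot be matched against any advisory feed.
    refs = {}
    for comp in sbom.get("components", []):
        ref = comp.get("bom-ref") or comp.get("purl") or comp.get("name")
        refs[ref] = comp
        if not comp.get("version"):
            findings.append(f"unpinned: component {comp.get('name')} has no version")
            blocking = True

    # Findings recorded in the SBOM but never enforced: any vulnerability entry
    # rated at a blocking severity fails the gate.
    for vuln in sbom.get("vulnerabilities", []):
        severities = {r.get("severity", "unknown") for r in vuln.get("ratings", [])}
        affected = [a.get("ref") for a in vuln.get("affects", [])]
        names = [refs.get(r, {}).get("name", r) for r in affected]
        if severities & fail_severities:
            findings.append(f"{vuln.get('id')}: {'/'.join(sorted(severities))} in {', '.join(names)}")
            blocking = True

    return GateResult(passed=not blocking, findings=findings)


def main(path=None):
    result = evaluate_sbom(load_sbom(path), now=datetime.now(timezone.utc))
    for finding in result.findings:
        print(finding)
    return 0 if result.passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else None))
```

Run as `python sbom_gate.py bom.json` from a CI step; a non-zero exit blocks the merge. The severity threshold is deliberately a parameter rather than a constant, since a policy that blocks only on `critical` still lets `high` findings through unless the caller widens `fail_severities`.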
References
- CycloneDX (cyclonedx.org)
- SPDX (spdx.dev)
- manual/02-12factor/index.md
