What is SBOM (Software Bill of Materials)?

A machine-readable inventory of the components in a software product: its libraries and other dependencies (direct and transitive), their versions, suppliers and licenses, and the dependency relationships between them.

Full explanation

An SBOM is the software equivalent of a nutrition label: a machine-readable list of what is inside a product, so that the consumer can check it instead of taking the vendor's word for it. CycloneDX (OWASP, standardised as ECMA-424) and SPDX (Linux Foundation, ISO/IEC 5962:2021) are the two main formats. Both are available as JSON and both identify components by package URL (purl), which is what lets an entry be matched against vulnerability databases. In the US, Executive Order 14028 (May 2021) started the push: it directed NIST and NTIA to define SBOM requirements, and NTIA's "Minimum Elements for an SBOM" (July 2021) lists the baseline fields (supplier, component name, version, unique identifiers, dependency relationships, SBOM author, timestamp). In the EU, the Cyber Resilience Act requires manufacturers of products with digital elements to draw up an SBOM in a commonly used machine-readable format covering at least the top-level dependencies (Annex I, Part II).

Generating one is now cheap: tools such as Syft, Trivy and cdxgen produce an SBOM from a built image or lockfile, and package managers are adding it natively (npm 10.2+ has `npm sbom`; Maven and Gradle have CycloneDX plugins). Consuming SBOMs is where the value is: feed them into a tool such as Dependency-Track or OSV-Scanner, or into your own queries, and "which products include vulnerable dependency X?" is answered in minutes rather than by emailing every team. Two caveats: an SBOM is only as complete as the build that produced it (generate it from the actual build or artifact rather than the source tree, and watch for vendored or bundled code that tooling misses), and "present" is not "exploitable", which is why SBOMs are usually paired with VEX statements saying whether a listed vulnerability actually affects the product.

Example

A CycloneDX JSON document produced at build time (for example by `npm sbom --sbom-format cyclonedx`) listing every direct and transitive npm package your Next.js build pulls in, each with its version, purl and license, plus the dependency graph that shows which direct dependency dragged a given transitive one in.
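The query above ("which products include vulnerable dependency X?") is easy to run against CycloneDX JSON by hand. The script below is an added example, not code from this page or from any SBOM tool: it builds two constructed CycloneDX 1.5 documents (the products "storefront-web" and "billing-api", the package "yaml-lite" and every version in them are made up), matches components by ecosystem-qualified purl name rather than bare name, and walks the `dependencies` graph to report the path from the product to the vulnerable component, which tells you which direct dependency to bump. The advisory it checks against ("yaml-lite fixed in 1.3.0") is hypothetical.

```python
"""Answer "which products include vulnerable dependency X?" from CycloneDX SBOMs.

Added example. The products, packages, versions and the advisory are
constructed for illustration and describe no real software.
"""
import json
from collections import deque
from urllib.parse import unquote


def make_sbom(product, version, components, depends_on):
    """Minimal CycloneDX 1.5 JSON (constructed data). components: (name,
    version, license id); depends_on: {bom-ref: [bom-ref, ...]}."""
    root = f"pkg:npm/{product}@{version}"
    return json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
        "metadata": {"component": {"type": "application", "name": product,
                                   "version": version, "bom-ref": root}},
        "components": [
            {"type": "library", "name": n, "version": v, "purl": f"pkg:npm/{n}@{v}",
             "bom-ref": f"pkg:npm/{n}@{v}", "licenses": [{"license": {"id": lic}}]}
            for n, v, lic in components],
        "dependencies": [{"ref": r, "dependsOn": d} for r, d in depends_on.items()],
    })


# Hypothetical Next.js app: next pulls in yaml-lite transitively (made-up graph).
STOREFRONT_SBOM = make_sbom(
    "storefront-web", "2.3.0",
    [("next", "13.4.12", "MIT"), ("yaml-lite", "1.2.0", "ISC")],
    {"pkg:npm/storefront-web@2.3.0": ["pkg:npm/next@13.4.12"],
     "pkg:npm/next@13.4.12": ["pkg:npm/yaml-lite@1.2.0"],
     "pkg:npm/yaml-lite@1.2.0": []})

# Hypothetical service that already uses a newer yaml-lite as a direct dependency.
BILLING_SBOM = make_sbom(
    "billing-api", "1.0.0", [("yaml-lite", "1.3.1", "ISC")],
    {"pkg:npm/billing-api@1.0.0": ["pkg:npm/yaml-lite@1.3.1"],
     "pkg:npm/yaml-lite@1.3.1": []})


def parse_version(text):
    """'8.4.31' -> (8, 4, 31). Pre-release/build tags are dropped, so this is
    only right for plain numeric versions; real tooling uses a semver library."""
    core = text.split("+")[0].split("-")[0]
    return tuple(int(part) for part in core.split("."))


def purl_name(purl):
    """Ecosystem-qualified name without version or qualifiers:
    'pkg:npm/%40babel/core@7.22.0' -> 'npm/@babel/core'. Matching on this
    instead of the bare 'name' field keeps npm and PyPI namesakes apart."""
    body = purl.removeprefix("pkg:").split("?")[0].split("#")[0]
    name, sep, _version = body.rpartition("@")
    return unquote(name if sep else body)


def load_sbom(doc):
    sbom = json.loads(doc)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return sbom


def dependency_path(sbom, target_ref):
    """Shortest chain of bom-refs from the root component to target_ref via the
    'dependencies' graph (breadth-first); None if the target is unreachable."""
    root = sbom["metadata"]["component"]["bom-ref"]
    edges = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    queue, seen = deque([[root]]), {root}
    while queue:
        path = queue.popleft()
        if path[-1] == target_ref:
            return path
        for nxt in edges.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def affected_products(sbom_docs, package, fixed_in):
    """{product: [(version, path)]} for every SBOM containing `package` (an
    ecosystem-qualified name such as 'npm/yaml-lite') below version `fixed_in`."""
    fixed = parse_version(fixed_in)
    hits = {}
    for doc in sbom_docs:
        sbom = load_sbom(doc)
        product = sbom["metadata"]["component"]["name"]
        for comp in sbom.get("components", []):
            if purl_name(comp.get("purl", "")) != package:
                continue
            if parse_version(comp["version"]) < fixed:
                path = dependency_path(sbom, comp["bom-ref"])
                hits.setdefault(product, []).append((comp["version"], path))
    return hits


if __name__ == "__main__":
    # Hypothetical advisory: yaml-lite fixed in 1.3.0. Which products are exposed?
    for product, matches in affected_products(
            [STOREFRONT_SBOM, BILLING_SBOM], "npm/yaml-lite", "1.3.0").items():
        for version, path in matches:
            print(f"{product}: yaml-lite {version} via {' -> '.join(path)}")
```

Run as-is it reports only storefront-web, with the path storefront-web -> next -> yaml-lite; billing-api is on 1.3.1 and is skipped. In a real pipeline the `fixed_in` threshold would come from an advisory feed such as OSV rather than a literal, and the version comparison would use the ecosystem's own semver rules.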

FAQ

What is AIBOM?

AI Bill of Materials: the same idea applied to the AI parts of a product, recording which models it uses (with versions, sources and licenses), the datasets they were trained or fine-tuned on, and the ML frameworks involved. CycloneDX 1.5 and later can express this directly (ML-BOM: a machine-learning-model component type with model card metadata), and SPDX 3.0 has an AI profile. The EU AI Act does not use the term AIBOM, but Article 11 requires technical documentation for high-risk AI systems, and the contents prescribed in Annex IV (the system's components, the data used to train it, and how it was developed) cover much of the same ground.