An SBOM (Software Bill of Materials) is a structured inventory of all components, libraries, and dependencies used in a software application. It provides visibility into what a piece of software is built from and where potential risks exist. Also known as a software component inventory, SBOMs are critical for modern software supply chain security.
Without an SBOM, organisations lack visibility into their software supply chain, making it difficult to assess exposure to vulnerabilities. SBOMs enable faster incident response, better compliance, and stronger supply chain security.
SBOMs are generated during build or release processes using automated tools. They are stored, versioned, and continuously evaluated against vulnerability databases to identify risks in deployed software.
BuildPiper integrates SBOM generation and validation into secure release pipelines. It links SBOMs to builds and releases, enabling teams to assess supply chain risk continuously and enforce security gates automatically.
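The evaluation and gating steps described above, as an added illustration that is not BuildPiper's own code: a constructed, minimal CycloneDX-style SBOM is parsed, each component's purl is matched against a constructed advisory feed with placeholder IDs (not real CVEs), and a release gate fails when a blocking severity is found. The version-range semantics (`introduced <= version < fixed`) and the gate threshold are assumptions for this example.

```python
import json
import re

# Constructed, minimal CycloneDX-style SBOM (illustration only, not a real build's inventory).
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "components": [
    {"name": "libfoo", "version": "2.14.1", "purl": "pkg:maven/org.example/libfoo@2.14.1"},
    {"name": "parser", "version": "1.3.0", "purl": "pkg:pypi/parser@1.3.0?extension=whl"},
    {"name": "util", "version": "4.17.21", "purl": "pkg:npm/util@4.17.21"}
  ]
}"""

# Constructed advisory feed with placeholder IDs (not real CVEs).
# A package is affected when introduced <= version < fixed.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "package": "pkg:maven/org.example/libfoo",
     "introduced": "2.0.0", "fixed": "2.15.0", "severity": "critical"},
    {"id": "ADV-EXAMPLE-0002", "package": "pkg:pypi/parser",
     "introduced": "1.0.0", "fixed": "1.2.4", "severity": "high"},
    {"id": "ADV-EXAMPLE-0003", "package": "pkg:npm/util",
     "introduced": "0.0.0", "fixed": "4.17.21", "severity": "medium"},
]

def version_key(version):
    """Numeric-aware ordering key: '2.14.1' < '2.15.0' and '1.9' < '1.10'."""
    return tuple(int(p) if p.isdigit() else -1 for p in re.split(r"[.\-+]", version))

def split_purl(purl):
    """Return (package, version) from a purl, ignoring '?qualifiers' and '#subpath'."""
    base = re.split(r"[?#]", purl, maxsplit=1)[0]
    package, _, version = base.rpartition("@")
    return package, version

def evaluate_sbom(sbom_json, advisories):
    """Match each component's purl against the feed; return the list of findings."""
    findings = []
    for comp in json.loads(sbom_json).get("components", []):
        package, version = split_purl(comp["purl"])
        for adv in advisories:
            if adv["package"] == package and \
               version_key(adv["introduced"]) <= version_key(version) < version_key(adv["fixed"]):
                findings.append({"component": comp["name"], "version": version,
                                 "advisory": adv["id"], "severity": adv["severity"]})
    return findings

def release_gate_passes(findings, block_on=("critical", "high")):
    """Release gate: fail when any finding carries a blocking severity."""
    return not any(f["severity"] in block_on for f in findings)
```

Running `evaluate_sbom(SBOM_JSON, ADVISORIES)` reports only `libfoo`: `parser` is past its fixed version and `util` sits exactly on its fixed version, so the strict upper bound excludes both. Because the SBOM is regenerated on every build, re-running this check against a refreshed feed is what turns a stored SBOM into continuous risk assessment.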
No. While compliance is a driver, SBOMs are primarily a security and risk management tool that improves visibility and response to vulnerabilities.
SBOMs are best generated during build or release stages and updated continuously as dependencies change.
BuildPiper uses SBOMs to assess supply chain risk as part of release governance, ensuring vulnerable components are identified before deployment.