A software nomenclatureotherwise known as SBOM (Software Bill of Materials) lists all the software components and dependencies involved in the development and delivery of an application.
A SBOM (Software Bill of Materials) is a detailed, structured inventory of all the software components used in a computer programme or system. This is an exhaustive list that includes :
- Open source libraries
- Frameworks
- The modules
- Dependencies
- Specific versions of each component
Here are the main points to remember about SBOMs:
- Objective :
- Improving the transparency and security of software
- Facilitating vulnerability management
- Helping to ensure compliance with software licences
- Typical SBOM content :
- Component name
- Version number
- Supplier or author
- Type of licence
- Known dependencies
- Information on potential vulnerabilities
- Common formats :
- SPDX (Software Package Data Exchange)
- CycloneDX
- SWID (Software Identification Tags)