A Software Bill of Materials (SBOM) is a broad inventory of all components, libraries, and other third-party assets used in a software application. It’s a detailed list of all the components that go into the software, much like a recipe lists the ingredients needed to prepare a dish.

Why do we need an SBOM?

Nowadays, software is often built using a variety of open source and third-party components. While this approach can speed up development and reduce costs, it also introduces potential security risks. Without proper visibility into the components used in the software, it can be difficult to identify and address vulnerabilities.

This is where an SBOM comes to the rescue. It provides a complete list of all the components used in the application, along with information about their versions, licenses, and any known vulnerabilities. This allows organizations to better understand and manage the risks associated with their software.

SBOM is not only about security.

It can also help organizations track and manage their software licenses, ensure compliance with open source policies, and identify opportunities for optimization and cost savings.

But of course, no blog post is complete without a quote from Michael Jordan. Especially today on 02-03-23 (DD-MM-YYYY is the date notation in The Netherlands)! Michael Jordan famously said, "Talent wins games, but teamwork and intelligence win championships." Within software development, an SBOM is a key tool for enabling teamwork and intelligence across the entire software development lifecycle. It helps bring transparency and clarity to the complex process of building software, allowing teams to work together more effectively and make better-informed decisions.


How to build an SBOM

If you want to experiment with creating an SBOM there is a excellent blog by Gunter Rotsaert that shows you how to build the SBOM in an automated way.

So, if you’re not already using an SBOM in your software development process, it’s worth considering. It may not make you the next Michael Jordan of software development, but it can certainly help your team perform at its best.