← Back to Landscape

#63DELIVERYPACKAGEElite

SBOM Generation

Software Bill of Materials for every release

Medium

Overview

Generate a comprehensive Software Bill of Materials (SBOM) for every artifact. Documents all components, versions, licenses, and dependencies in a machine-readable format.

Why It Matters

Know exactly what's in your software. Increasingly required for enterprise sales and compliance. When the next Log4j hits, you'll know in seconds if you're affected.

Implementation Pattern

1Choose SBOM format (CycloneDX or SPDX)
2Generate SBOM during packaging
3Include all direct and transitive dependencies
4Sign and store SBOM alongside artifact
5Make available for downstream consumption

Tool Examples

These are examples, not endorsements. Choose what fits your context.

Syft

Trivy SBOM

CycloneDX

Dependencies

Requires (must have first)

•#16 Package

Enhanced by (more effective with)

•#18 Artifact Provenance

Enables (unlocks)

•#62 Vulnerability Tracking

Same Phase

Other capabilities in this pipeline phase

Quick Actions

View in Flow View full landscape Assess your platform

#62 Vulnerability Tracking