#63 | Delivery | Package | Elite
SBOM Generation
Software Bill of Materials for every release
Medium
Overview
Generate a comprehensive Software Bill of Materials (SBOM) for every artifact. Documents all components, versions, licenses, and dependencies in a machine-readable format.
Why It Matters
Know exactly what's in your software. Increasingly required for enterprise sales and compliance. When the next Log4j hits, you'll know in seconds if you're affected.
The Risk
Without SBOMs, vulnerability response takes days of manual searching. You can't answer 'are we affected?' Enterprise sales stall. Compliance requirements go unmet.
Implementation Components
A complete implementation of this capability includes:
- Automated SBOM generation during packaging
- Comprehensive dependency list (direct and transitive)
- Standard format (CycloneDX or SPDX)
- SBOM signed and stored with artifact
- Queryable SBOM database for vulnerability matching
- SBOM available for customer download
Implementation Pattern
1. Choose SBOM format (CycloneDX or SPDX)
2. Generate SBOM during packaging
3. Include all direct and transitive dependencies
4. Sign and store SBOM alongside artifact
5. Make available for downstream consumption
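The pattern above, as an added example that is not part of this page or of any particular SBOM tool: it turns a resolved dependency graph into a CycloneDX 1.5 JSON document covering direct and transitive packages, then answers the "are we affected?" question by walking the SBOM's dependency graph. The application, package names, versions and the vulnerable version set are constructed sample data; signing of the resulting document is left to your artifact-signing step.

```python
from collections import deque
from typing import Dict, List

# Constructed sample resolved at packaging time: "name@version" -> direct children.
ROOT = "shop-service@1.4.0"
RESOLVED: Dict[str, List[str]] = {
    "shop-service@1.4.0": ["spring-core@5.3.9", "payment-client@2.1.0"],
    "spring-core@5.3.9": ["spring-jcl@5.3.9"],
    "payment-client@2.1.0": ["log4j-core@2.14.1"],
    "spring-jcl@5.3.9": [],
    "log4j-core@2.14.1": [],
}

def build_cyclonedx(root: str, resolved: Dict[str, List[str]]) -> dict:
    """Emit a CycloneDX 1.5 JSON document covering every direct and transitive
    node, with the edge list in `dependencies` so a consumer sees why a package is present."""
    def comp(ref: str, kind: str) -> dict:
        name, version = ref.rsplit("@", 1)
        # purl type "generic" because the sample carries no real ecosystem namespace
        return {"type": kind, "bom-ref": ref, "name": name, "version": version,
                "purl": f"pkg:generic/{name}@{version}"}
    return {
        "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
        "metadata": {"component": comp(root, "application")},
        "components": [comp(r, "library") for r in resolved if r != root],
        "dependencies": [{"ref": r, "dependsOn": list(c)} for r, c in resolved.items()],
    }

def affected_paths(sbom: dict, name: str, bad_versions: set) -> List[List[str]]:
    """Answer "are we affected?": one root-to-package path per vulnerable
    component, so the direct dependency that pulls it in is visible at once."""
    edges = {d["ref"]: d.get("dependsOn", []) for d in sbom["dependencies"]}
    by_ref = {c["bom-ref"]: c for c in sbom["components"]}
    root = sbom["metadata"]["component"]["bom-ref"]
    hits, queue, seen = [], deque([[root]]), {root}
    while queue:  # breadth-first, so the shortest path to each package is reported
        path = queue.popleft()
        c = by_ref.get(path[-1])
        if c and c["name"] == name and c["version"] in bad_versions:
            hits.append(path)
        for child in edges.get(path[-1], []):
            if child not in seen:
                seen.add(child)
                queue.append(path + [child])
    return hits

if __name__ == "__main__":
    sbom = build_cyclonedx(ROOT, RESOLVED)
    print(len(sbom["components"]), "components;", affected_paths(sbom, "log4j-core", {"2.14.1"}))
```

Store the serialised document next to the artifact and sign both; the query function is what a queryable SBOM database runs across every release when a new advisory lands.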
Tool Examples
These are examples, not endorsements. Choose what fits your context.
Dependencies
Requires (must have first)
Enhanced by (more effective with)
Enables (unlocks)