A software bill of materials (SBOM) declares the inventory of components used to build a software artifact such as a software application - Wikipedia
Inventory of components (libraries, packages) used in a software artifact
Scan for known vulnerabilities (match the inventory against advisory databases)
Scan for license compliance (match declared/concluded licenses against policy)
Linux Foundation’s Software Package Data Exchange (SPDX)
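The three uses listed above, worked against an SPDX 2.3 JSON document. This is an added example, not code from the page or from any of the tools named on it; the SBOM document, the advisory table, the license deny-list and every package name and advisory ID in it are constructed for illustration and refer to no real software or real CVE.

```python
"""Consume an SPDX 2.3 JSON SBOM: build the inventory, check licenses, look up advisories."""
import json
import re

# Constructed sample document; package names, purls and advisory IDs below are
# made up for this example and do not refer to real software or real CVEs.
SAMPLE_SPDX = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-app",
    "packages": [
        {"name": "examplelib", "SPDXID": "SPDXRef-Package-examplelib",
         "versionInfo": "1.4.0", "licenseConcluded": "MIT",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:npm/examplelib@1.4.0"}]},
        {"name": "copyleftlib", "SPDXID": "SPDXRef-Package-copyleftlib",
         "versionInfo": "2.0.1", "licenseConcluded": "GPL-3.0-only",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:deb/debian/copyleftlib@2.0.1?arch=amd64"}]},
        {"name": "mystery", "SPDXID": "SPDXRef-Package-mystery",
         "versionInfo": "0.9", "licenseConcluded": "NOASSERTION",
         "externalRefs": []},
    ],
})

# Constructed advisory feed: unversioned purl -> [(fixed_in, advisory_id)].
# Real scanners (grype, trivy) pull this from vulnerability databases instead.
SAMPLE_ADVISORIES = {
    "pkg:npm/examplelib": [("1.4.2", "EXAMPLE-0001")],   # affected if version < 1.4.2
}

DENIED_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only"}  # policy input; constructed


def load_inventory(spdx_json: str) -> list[dict]:
    """Return one record per SPDX package: name, version, concluded license, purl (or None)."""
    doc = json.loads(spdx_json)
    inventory = []
    for pkg in doc.get("packages", []):
        purl = next((ref["referenceLocator"] for ref in pkg.get("externalRefs", [])
                     if ref.get("referenceType") == "purl"), None)
        inventory.append({
            "name": pkg["name"],
            "version": pkg.get("versionInfo", "NOASSERTION"),
            "license": pkg.get("licenseConcluded", "NOASSERTION"),
            "purl": purl,
        })
    return inventory


def _version_key(version: str) -> tuple:
    """Dotted versions: numeric segments compare as ints, others as strings after ints."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in re.split(r"[.\-]", version))


def _purl_base(purl: str) -> str:
    """Strip version, qualifiers and subpath so the purl matches an advisory key."""
    return re.split(r"[@?#]", purl)[0]


def find_vulnerable(inventory: list[dict], advisories: dict) -> list[tuple[str, str]]:
    """Return (package name, advisory id) for every package below an advisory's fixed version."""
    hits = []
    for item in inventory:
        if not item["purl"]:
            continue  # nothing to key on; a real scanner would also try CPEs
        for fixed_in, advisory_id in advisories.get(_purl_base(item["purl"]), []):
            if _version_key(item["version"]) < _version_key(fixed_in):
                hits.append((item["name"], advisory_id))
    return hits


def license_violations(inventory: list[dict], denied: set[str]) -> list[tuple[str, str]]:
    """Flag denied licenses and unknown ones (NOASSERTION / NONE), which need manual review."""
    return [(item["name"], item["license"]) for item in inventory
            if item["license"] in denied or item["license"] in ("NOASSERTION", "NONE")]


if __name__ == "__main__":
    inv = load_inventory(SAMPLE_SPDX)
    print("inventory:", [(i["name"], i["version"]) for i in inv])
    print("vulnerable:", find_vulnerable(inv, SAMPLE_ADVISORIES))
    print("license issues:", license_violations(inv, DENIED_LICENSES))
```

Two practitioner details the slide bullets skip: a package with no purl cannot be matched against an advisory feed at all (a real scanner falls back to CPEs or name/version heuristics, with a higher false-positive rate), and a concluded license of NOASSERTION must be treated as a finding, not as "no problem".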
SBoM generation: Anchore syft, Aqua Security trivy, docker-sbom, BuildKit >=0.11.0-rc1, Kubernetes bom, Microsoft sbom-tool
SBoM scanning: Anchore grype, Aqua Security trivy
uniget install --tags sbom --plan
SBoM distribution: no standard available yet
Download from website
Release asset
Separate container image tagged with the subject image's digest plus a suffix (cosign convention: sha256-<digest>.sbom)
Manifest list (BuildKit stores an attestation manifest in the image index, referenced by annotation)
OCI 1.1 referrer (a manifest whose subject field points at the image; more later)
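The three container-side conventions above differ only in how the SBOM manifest is linked to the image, so they can be shown as manifest JSON side by side. This is an added example, not code from the page or from cosign, BuildKit or any registry; the image manifest and SBOM bytes are constructed stand-ins, and the helper names (`cosign_sbom_tag`, `buildkit_attestation_entry`, `oci_referrer_manifest`, `referrers_fallback_tag`) are this example's own.

```python
"""Build the manifest-level artifacts for the three SBOM-attachment conventions."""
import hashlib
import json

MANIFEST_MT = "application/vnd.oci.image.manifest.v1+json"
EMPTY_CONFIG_MT = "application/vnd.oci.empty.v1+json"  # OCI 1.1 empty config for artifacts
SBOM_MT = "application/spdx+json"

# Constructed stand-ins for a real image manifest and an SPDX document.
SAMPLE_IMAGE_MANIFEST = json.dumps({"schemaVersion": 2, "mediaType": MANIFEST_MT,
                                    "config": {}, "layers": []}).encode()
SAMPLE_SBOM = json.dumps({"spdxVersion": "SPDX-2.3", "name": "example-app",
                          "packages": []}).encode()


def digest_of(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()


def descriptor(data: bytes, media_type: str) -> dict:
    """OCI content descriptor: how every manifest points at a blob or another manifest."""
    return {"mediaType": media_type, "digest": digest_of(data), "size": len(data)}


def cosign_sbom_tag(image_digest: str) -> str:
    """Convention used by cosign: tag the SBOM image 'sha256-<hex>.sbom' next to the subject.
    The link is the tag name only; nothing inside the SBOM image references the subject."""
    algorithm, hex_digest = image_digest.split(":", 1)
    return f"{algorithm}-{hex_digest}.sbom"


def buildkit_attestation_entry(image_manifest: bytes, attestation_manifest: bytes) -> dict:
    """Index entry BuildKit adds for its attestation manifest, bound to the image manifest
    by annotation; platform unknown/unknown keeps runtimes from pulling it as an image.
    (attestation_manifest is any bytes here; BuildKit's real one carries in-toto layers.)"""
    entry = descriptor(attestation_manifest, MANIFEST_MT)
    entry["platform"] = {"architecture": "unknown", "os": "unknown"}
    entry["annotations"] = {
        "vnd.docker.reference.type": "attestation-manifest",
        "vnd.docker.reference.digest": digest_of(image_manifest),
    }
    return entry


def oci_referrer_manifest(sbom: bytes, image_manifest: bytes) -> dict:
    """OCI 1.1 artifact manifest whose 'subject' links it to the image; the registry's
    referrers API lists it under the image digest, filterable by artifactType."""
    return {
        "schemaVersion": 2,
        "mediaType": MANIFEST_MT,
        "artifactType": SBOM_MT,
        "config": descriptor(b"{}", EMPTY_CONFIG_MT),
        "layers": [descriptor(sbom, SBOM_MT)],
        "subject": descriptor(image_manifest, MANIFEST_MT),
    }


def referrers_fallback_tag(image_digest: str) -> str:
    """Tag schema clients use when a registry lacks the referrers API: '<alg>-<hex>'."""
    algorithm, hex_digest = image_digest.split(":", 1)
    return f"{algorithm}-{hex_digest}"


if __name__ == "__main__":
    image_digest = digest_of(SAMPLE_IMAGE_MANIFEST)
    print("cosign tag:", cosign_sbom_tag(image_digest))
    print("fallback referrers tag:", referrers_fallback_tag(image_digest))
    print("buildkit index entry:",
          json.dumps(buildkit_attestation_entry(SAMPLE_IMAGE_MANIFEST, SAMPLE_SBOM)))
    print("referrer:", json.dumps(oci_referrer_manifest(SAMPLE_SBOM, SAMPLE_IMAGE_MANIFEST), indent=2))
```

The security-relevant difference: the cosign tag scheme is a naming convention that anyone with push access can overwrite, the BuildKit index entry lives inside the same signed index as the image, and the OCI 1.1 `subject` is a digest-bound link the registry itself indexes. Whichever is used, verify the SBOM's signature or attestation before trusting its contents.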