V2 Software Bill of Materials

Control Objective

Automatically creating an accurate Software Bill of Materials (SBOM) in the build pipeline is one indicator of mature development processes. SBOMs should be in a machine-readable format. Each format has different capabilities and use cases in which it excels. Part of SBOM adoption is identifying the use cases and capabilities best suited to specific purposes. While standardizing on a single SBOM format across an organization may be desirable, it may be necessary to adopt more than one format to meet functional, contractual, compliance, or regulatory requirements.

Verification Requirements

