A formal record containing the details and supply chain relationships of various components used in building software. Software developers and vendors often create products by assembling existing open source and commercial software components. The SBOM enumerates these components in a product.
Sources:
NIST SP 800-161r1-upd1
[11/1/2024 errata update]
from
E.O. 14028 - supra note 1, § 10(j)