What Is an SBOM?

Guides developers and administrators through the core concepts of an SBOM and the industry standards.

Overview

This section is a learning guide for those encountering an SBOM (Software Bill of Materials) for the first time. It covers what an SBOM is, why it is needed, and how the industry-standard formats differ from each other.

Guide Structure

  1. Concept and Necessity: Explains what an SBOM is and the fundamental reasons why we need it now.
  2. Standards Comparison (SPDX vs CycloneDX): Understand the differences between the industry-standard formats so you can choose the format that fits the nature of your project.

For the practical side — actually generating, validating, and submitting an SBOM — see the Supplier Guide.


SBOM Concept and Necessity

Explains the definition of an SBOM as a software bill of materials and the three core purposes of adopting it (security, licensing, and management).

SBOM Standards

Compares the characteristics of SPDX and CycloneDX, the two leading SBOM standards, and presents criteria for choosing the one that fits your project.