A software bill of materials (SBOM) is an inventory of every code component that goes into a product or project: the libraries it depends on (directly and transitively, and there are usually a lot of them) and the code snippets copied in from elsewhere. In other words, the SBOM lists all the components your software is made of.
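To make the inventory concrete, here is an added example (not SCA Tool's code, and not from the original page) that builds a minimal CycloneDX-style JSON SBOM from a constructed dependency list, checks it for the gaps that make an SBOM useless downstream (missing versions, duplicate entries), and reconciles what a project declares against what a scan of the built artifact finds. The component names, versions and the `reconcile` helper are illustrative assumptions; the CycloneDX field names (`bomFormat`, `specVersion`, `components`, `purl`, `licenses`) are the real ones from the 1.4 schema.

```python
"""Minimal SBOM construction and sanity checks.

Added example, not part of the original page or of SCA Tool. Builds a
CycloneDX 1.4 style document from a constructed dependency list and checks
it for the defects that make an SBOM useless downstream.
"""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    ecosystem: str          # purl type, e.g. "pypi", "npm", "maven"
    license_id: str = ""    # SPDX license identifier, empty when unknown

    def purl(self) -> str:
        # Package URL: the identifier vulnerability databases key on.
        base = f"pkg:{self.ecosystem}/{self.name}"
        return f"{base}@{self.version}" if self.version else base


# Constructed sample: what the project's manifest declares ...
DECLARED = [
    Component("requests", "2.31.0", "pypi", "Apache-2.0"),
    Component("urllib3", "2.0.7", "pypi", "MIT"),
    Component("lodash", "4.17.21", "npm", "MIT"),
]
# ... and what a scan of the built artifact actually finds (also constructed).
DISCOVERED = [
    Component("requests", "2.31.0", "pypi", "Apache-2.0"),
    Component("urllib3", "2.0.7", "pypi", "MIT"),
    Component("certifi", "2023.7.22", "pypi", "MPL-2.0"),  # transitive, never declared
    Component("lodash", "", "npm", "MIT"),                 # found, but version unknown
]


def to_cyclonedx(components, product_name: str, product_version: str) -> dict:
    """Serialize components into a CycloneDX 1.4 JSON-compatible dict."""
    comps = []
    for c in components:
        entry = {"type": "library", "name": c.name,
                 "version": c.version, "purl": c.purl()}
        if c.license_id:
            entry["licenses"] = [{"license": {"id": c.license_id}}]
        comps.append(entry)
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "version": 1,
        "metadata": {"component": {"type": "application",
                                   "name": product_name,
                                   "version": product_version}},
        "components": comps,
    }


def validate(sbom: dict) -> list:
    """Return a list of problems; an empty list means the inventory is usable."""
    problems = []
    seen = set()
    for c in sbom["components"]:
        if not c.get("version"):
            # Without a version no advisory can be matched against the entry.
            problems.append(f"{c['name']}: missing version")
        if c["purl"] in seen:
            problems.append(f"{c['purl']}: duplicate component")
        seen.add(c["purl"])
    return problems


def reconcile(declared, discovered) -> tuple:
    """Compare declared and discovered inventories by purl.

    Returns (undeclared, missing): components present in the artifact but
    absent from the manifest, and declared components the scan did not find.
    """
    d = {c.purl() for c in declared}
    f = {c.purl() for c in discovered}
    return sorted(f - d), sorted(d - f)


def render(sbom: dict) -> str:
    """Pretty-print the SBOM as JSON for inclusion in a delivery."""
    return json.dumps(sbom, indent=2)


if __name__ == "__main__":
    sbom = to_cyclonedx(DISCOVERED, "example-app", "1.0.0")
    print(render(sbom))
    print("problems:", validate(sbom))
    print("undeclared / missing:", reconcile(DECLARED, DISCOVERED))
```

Each discrepancy is a decision for the author, not for the tool: the undeclared transitive dependency needs to be added, the version-less entry needs a version before any vulnerability lookup is meaningful, and the declared-but-absent entry is either dead weight in the manifest or a build problem.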
You need an SBOM because it is the inventory on which correctly and safely delivering and operating software depends: without it you cannot say what is in a release, let alone what needs patching.
- Providing an SBOM for your product is a purchasing requirement: the U.S. government requires it from its software suppliers [1].
- Monitoring your SBOM is a security requirement: the European Union's Cyber Resilience Act requires it [2].
- You want it: there is no way of ensuring open source governance, license compliance, and security without knowing what is in your software.
Creating and maintaining an SBOM is a labor-intensive, error-prone task that, if not done well, can have dire consequences.
SCA Tool is here to help. Using our guided Declared → Discovered → Concluded workflow, you can create an SBOM with minimal effort.
You can then download your SBOM at the click of a button and add it to your product delivery, or integrate it automatically through our REST API.
[1] See Executive Order 14028, Improving the Nation's Cybersecurity. See also the associated SBOM information.
[2] See the Cyber Resilience Act (Regulation (EU) 2024/2847) and associated information.