Software supply chain

A software supply chain is the components, libraries, tools, and processes used to develop, build, and publish a software artifact.[1]

A software bill of materials (SBOM) declares the inventory of components used to build a software artifact, including any open source and proprietary software components.[2][3] It is the software analogue to the traditional manufacturing BOM, which is used as part of supply chain management.[4]
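As an added illustration of what an SBOM inventory looks like in practice (this is example code written for this page, not code from any cited source), the block below parses a small CycloneDX-style JSON document and produces the component inventory the paragraph describes. The SBOM document itself is constructed here for a hypothetical artifact; the open-source/proprietary split is a simplification based only on the declared licence identifiers, and the "open source licence" set is an assumed subset. The final check flags components that lack a version or package URL, which is the information a consumer needs in order to match the inventory against vulnerability data.

```python
"""Inventory the components declared in a minimal CycloneDX-style SBOM.

Added example for illustration; the SBOM below is a constructed sample for a
hypothetical artifact, and the licence classification is a deliberate
simplification (assumption), not a normative rule of any SBOM standard.
"""
import json

# Constructed sample SBOM following the CycloneDX JSON layout
# (bomFormat, specVersion, metadata.component, components[]).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {
        "component": {"type": "application", "name": "example-app", "version": "2.3.0"}
    },
    "components": [
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "openssl", "version": "3.0.8",
         "purl": "pkg:generic/openssl@3.0.8",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        # Proprietary component: licence given by name, and no purl recorded.
        {"type": "library", "name": "acme-licensing-sdk", "version": "7.1",
         "licenses": [{"license": {"name": "ACME Proprietary EULA"}}]},
        # Vendored binary with no version and no licence information at all.
        {"type": "library", "name": "vendored-blob", "licenses": []},
    ],
})

# Assumed subset of SPDX identifiers treated as open source for this inventory.
OPEN_SOURCE_LICENSE_IDS = {
    "MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause",
    "GPL-2.0-only", "GPL-3.0-only", "LGPL-2.1-only",
}


def load_sbom(text):
    """Parse the JSON and confirm it claims to be a CycloneDX document."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return doc


def classify(component):
    """Return 'open-source', 'proprietary' or 'unknown' from declared licences.

    Heuristic: a recognised SPDX id means open source; any other declared
    licence (by id or by name) is treated as proprietary; nothing declared
    is unknown and should be investigated rather than assumed.
    """
    entries = [lic.get("license", {}) for lic in component.get("licenses", [])]
    ids = [e.get("id") for e in entries if e.get("id")]
    names = [e.get("name") for e in entries if e.get("name")]
    if any(i in OPEN_SOURCE_LICENSE_IDS for i in ids):
        return "open-source"
    if ids or names:
        return "proprietary"
    return "unknown"


def inventory(text):
    """Flatten the SBOM into one row per component with its origin class."""
    doc = load_sbom(text)
    return [
        {
            "name": c["name"],
            "version": c.get("version"),
            "purl": c.get("purl"),
            "origin": classify(c),
        }
        for c in doc.get("components", [])
    ]


def origin_counts(text):
    """Count components per origin class (open-source / proprietary / unknown)."""
    counts = {}
    for row in inventory(text):
        counts[row["origin"]] = counts.get(row["origin"], 0) + 1
    return counts


def incomplete_entries(text):
    """Names of components that cannot be matched to vulnerability data.

    Without both a version and a package URL, an advisory lookup for the
    component is not possible, so the SBOM is incomplete for that purpose.
    """
    return [r["name"] for r in inventory(text)
            if not r["version"] or not r["purl"]]


if __name__ == "__main__":
    for row in inventory(SAMPLE_SBOM):
        print(f"{row['name']:<22} {row['version'] or '-':<8} {row['origin']}")
    print("counts:", origin_counts(SAMPLE_SBOM))
    print("incomplete:", incomplete_entries(SAMPLE_SBOM))
```

Run as-is to print the inventory of the constructed sample; to apply it to a real CycloneDX file, pass the file's contents to `inventory()` and `incomplete_entries()` in place of `SAMPLE_SBOM`.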

  1. "For Good Measure Counting Broken Links: A Quant's View of Software Supply Chain Security" (PDF). USENIX ;login:. Archived (PDF) from the original on 2022-12-17. Retrieved 2022-07-04.
  2. "[Part 2] Code, Cars, and Congress: A Time for Cyber Supply Chain Management". Archived from the original on 2015-06-14. Retrieved 2015-06-12.
  3. "Software Bill of Materials". ntia.gov. Archived from the original on 2022-11-30. Retrieved 2021-01-25.
  4. "Code, Cars, and Congress: A Time for Cyber Supply Chain Management". Archived from the original on 2014-12-30. Retrieved 2015-06-12.