Explaining SBOMs
An SBOM is a machine-readable list of every component in a piece of software, letting teams find vulnerabilities or license issues quickly and improving supply-chain security.
What is an SBOM?
A Software Bill of Materials (SBOM) is a structured inventory of all components that make up your software. It typically lists each component’s name, version, origin, license, and dependency relationships. SBOMs improve transparency, speed up vulnerability/license audits, and are a key building block of software supply-chain security.
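As an added illustration of the fields listed above and of the two audits an SBOM is meant to speed up, the following Python example builds a small CycloneDX-style SBOM (JSON), matches its components against an advisory record, traces the dependency path that explains why an affected component is in the product, and checks declared licenses against an allow-list. This is example code written for this page, not part of the Devguard project; every package name, version, the advisory id `EXAMPLE-ADV-0001` and the license allow-list are constructed sample data.

```python
"""Added example: a minimal CycloneDX-style SBOM and the two audits an SBOM
speeds up (vulnerability impact, license review). All package names, versions
and the advisory are constructed sample data, not real packages or CVEs."""
import json

# Constructed CycloneDX 1.5 JSON document. Each component carries name,
# version, origin (purl) and license; the "dependencies" array records the
# dependency graph via bom-ref identifiers.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {"component": {"type": "application", "bom-ref": "app",
                               "name": "shop-api", "version": "2.3.0"}},
    "components": [
        {"type": "library", "bom-ref": "pkg:pypi/httpkit@3.2.0", "name": "httpkit",
         "version": "3.2.0", "purl": "pkg:pypi/httpkit@3.2.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "bom-ref": "pkg:pypi/netcore@1.4.2", "name": "netcore",
         "version": "1.4.2", "purl": "pkg:pypi/netcore@1.4.2",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "bom-ref": "pkg:pypi/reportlib@0.9.1", "name": "reportlib",
         "version": "0.9.1", "purl": "pkg:pypi/reportlib@0.9.1",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["pkg:pypi/httpkit@3.2.0", "pkg:pypi/reportlib@0.9.1"]},
        {"ref": "pkg:pypi/httpkit@3.2.0", "dependsOn": ["pkg:pypi/netcore@1.4.2"]},
        {"ref": "pkg:pypi/netcore@1.4.2", "dependsOn": []},
        {"ref": "pkg:pypi/reportlib@0.9.1", "dependsOn": []},
    ],
})

# Constructed advisory record (placeholder id, not a real CVE).
ADVISORY = {"id": "EXAMPLE-ADV-0001", "name": "netcore", "affected_versions": {"1.4.2"}}

# Constructed license allow-list, as a policy for a proprietary product might define.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}


def load_sbom(text):
    """Parse the JSON and index components and the dependency graph by bom-ref."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return {
        "root": doc["metadata"]["component"]["bom-ref"],
        "components": {c["bom-ref"]: c for c in doc.get("components", [])},
        "graph": {d["ref"]: list(d.get("dependsOn", [])) for d in doc.get("dependencies", [])},
    }


def affected_refs(sbom, advisory):
    """bom-refs of components whose name and version match the advisory."""
    return sorted(ref for ref, c in sbom["components"].items()
                  if c["name"] == advisory["name"]
                  and c["version"] in advisory["affected_versions"])


def dependency_paths(graph, start, target, _path=None):
    """Every path start -> ... -> target; this explains *why* a component is present."""
    path = (_path or []) + [start]
    if start == target:
        return [path]
    found = []
    for child in graph.get(start, []):
        if child not in path:  # ignore cycles a malformed SBOM might contain
            found.extend(dependency_paths(graph, child, target, path))
    return found


def license_review(sbom, allowed):
    """Components declaring a license outside the allow-list, or none at all."""
    flagged = {}
    for ref, c in sbom["components"].items():
        ids = [entry["license"].get("id") or entry["license"].get("name", "UNKNOWN")
               for entry in c.get("licenses", [])]
        problems = [i for i in ids if i not in allowed] if ids else ["UNDECLARED"]
        if problems:
            flagged[ref] = problems
    return flagged


def audit(text, advisory, allowed):
    """Combine both checks into one report a CI job could fail on."""
    sbom = load_sbom(text)
    return {
        "vulnerable": {ref: dependency_paths(sbom["graph"], sbom["root"], ref)
                       for ref in affected_refs(sbom, advisory)},
        "license_issues": license_review(sbom, allowed),
    }


if __name__ == "__main__":
    print(json.dumps(audit(SBOM_JSON, ADVISORY, ALLOWED_LICENSES), indent=2))
```

Running the script reports that `netcore@1.4.2` is reachable from `shop-api` through `httpkit@3.2.0`, and that `reportlib@0.9.1` carries a license outside the allow-list. The dependency-path output is the part a plain package list cannot give you: it tells the team which direct dependency to update, not just that a vulnerable transitive component exists somewhere.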
📌 How to create an SBOM
📌 How to upload an SBOM to Devguard
📌 SBOM Example
🇪🇺 In the Future
The Cyber Resilience Act (CRA)—published as Regulation (EU) 2024/2847—will reshape how any “product with digital elements” (hardware or software that can connect to a network) is developed, shipped, and maintained:
| Milestone | What happens | Why it matters |
|---|---|---|
| 10 Dec 2024 | CRA entered into force, following its publication in the Official Journal. | The clock started on the transition period. (Digital Strategy) |
| 11 Sep 2026 | First tranche of duties (e.g., vulnerability reporting) apply. | Manufacturers must already have processes in place. (openssf.org) |
| 11 Dec 2027 | Full application—every product placed on the EU market must ship with a machine-readable SBOM and comply with all Annex I & II cybersecurity requirements. | No SBOM ⇢ no market access. (Digital Strategy, EUR-Lex) |
| Penalties | Up to €15 million or 2.5 % of worldwide turnover for serious non-compliance. | Similar bite to GDPR fines. (Strobes Security) |