Software Bills of Materials (SBOMs)
Understanding their importance
A Software Bill of Materials (SBOM) is a comprehensive inventory that lists all components, dependencies, and third-party libraries used in a software application. Drawing on manufacturing practice, where every product ships with a detailed parts list, SBOMs provide transparency into modern software's complex supply chains by documenting every open-source library, proprietary component and framework, together with its specific version.
This visibility has become critical for cybersecurity following high-profile supply chain attacks like SolarWinds and Log4j, which exposed how compromised components can threaten entire systems. SBOMs enable organizations to quickly identify vulnerabilities, manage licensing compliance, and assess security risks across their software ecosystem. For example, the U.S. government now mandates SBOMs for federal software procurement as essential tools for software supply chain security, while organizations use them to streamline vulnerability management, guide procurement decisions and accelerate incident response when security issues are discovered.
Acquiring .bom files
MTG CLM provides .bom files in different ways depending on the distribution:
Linux
For Linux distributions, each component's .bom files are located under the following path:
/usr/share/doc/mtg/{mtg-component-name}
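The following POSIX shell functions are an added example (not MTG's own tooling) for auditing the SBOM files on a host: one lists every .bom file under the documented path with its SHA-256 digest for your inventory records, the other reports installed components whose directory carries no .bom file at all. The root directory defaults to the path above; the optional argument exists only so the audit can be pointed at another tree.

```shell
#!/bin/sh
# Audit MTG CLM SBOM (.bom) files on a Linux host.
# Added example, not part of MTG CLM; the only assumption is the
# documented layout /usr/share/doc/mtg/{component}/*.bom.

# Print one tab-separated line per .bom file: component, file name, sha256.
list_boms() {
    root="${1:-/usr/share/doc/mtg}"
    find "$root" -mindepth 2 -maxdepth 2 -type f -name '*.bom' | sort |
    while read -r f; do
        comp=$(basename "$(dirname "$f")")
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        printf '%s\t%s\t%s\n' "$comp" "$(basename "$f")" "$sum"
    done
}

# Report component directories that contain no .bom file.
# Returns 1 if at least one component is missing its SBOM, else 0.
missing_boms() {
    root="${1:-/usr/share/doc/mtg}"
    rc=0
    for d in "$root"/*/; do
        [ -d "$d" ] || continue          # no component directories at all
        if [ -z "$(find "$d" -maxdepth 1 -type f -name '*.bom' | head -n 1)" ]; then
            printf 'no SBOM: %s\n' "$(basename "$d")" >&2
            rc=1
        fi
    done
    return $rc
}
```

Run `missing_boms` on a freshly installed host and keep the `list_boms` output with the install record, so a later vulnerability lookup can be tied to exactly the SBOM that was shipped.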
Kubernetes & Linux
Below is an alternative way to download .bom files for Linux distributions as well as Kubernetes installations:
- Visit the MTG Download Center.
- Select your desired product from the list. (Screenshots: Kubernetes, Linux)
- Click on your desired .bom file to download it. (Screenshots: Kubernetes, Linux)