Teaching

Supervised Master's theses


Andreas Bergqvist, Karl-Philip Ble Cato:
Exploring the extension of Software Bill of Materials Usage,
summary, report, June 2025.

Abstract:

Legislative actions in both the European Union and the United States have sparked discussions surrounding the Software Bill of Materials (SBoM) as a means of enhancing transparency in the software supply chain. This case study investigates how SBoMs can be leveraged throughout the development process. We conducted interviews with fourteen employees to identify key data points of interest and understand their utilization. The results from these interviews were compiled into a use case catalog and a set of data points.

This study defines a standard SBoM to meet the technical guidelines set by European and American initiatives pursuant to coming legislation. This standard is then compared to our set of data points to identify which are extension points. Most use cases can be achieved through standard data points, further advocating for SBoM adoption. Additionally, a data gap between the minimum elements stated by these guidelines and relevant data for day-to-day tasks was identified that the extended SBoM (eSBoM) could address.

This study demonstrates that SBoMs can be generated within the CI/CD pipeline during pipeline builds, enabling automation that ensures the SBoM follows the component it describes. Incorporating SBoMs early in software development can enhance transparency internally and reduce double maintenance.


Maintained by bendix@cs.lth.se