# SBOM Guidance

## Purpose

Track and review third-party components, versions, and licenses per release.

## Process

- Generate SBOM during build
- Store with release artifacts and link in registry
- Review license and vulnerability impacts

## Minimum Contents

- Component name and version
- Source and license
- Known advisories