An SBOM (Software Bill of Materials) is a machine-readable inventory of all components, libraries, and dependencies of a piece of software. Formats such as CycloneDX and SPDX have become established standards. An SBOM lets you quickly check whether your software is affected by a newly disclosed vulnerability. In vulnerability management this is a decisive time advantage. Regulatory requirements (e.g. the EU Cyber Resilience Act) are increasingly making SBOMs mandatory. In an ISMS you document the SBOM process as part of supplier management and software-asset management.
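The affectedness check mentioned above, as an added example that is not part of the original page: it walks a CycloneDX JSON SBOM, nested components included, and reports components that fall inside an advisory's affected version range. The package names, the advisory id and range, and the simplified dotted-numeric version comparison are assumptions made for illustration.

```python
import json

# Constructed CycloneDX JSON document (sample data, not from a real product).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "examplelib", "version": "2.4.0",
     "purl": "pkg:pypi/examplelib@2.4.0"},
    {"type": "application", "name": "demo-service", "version": "1.0.0",
     "components": [
       {"type": "library", "name": "examplelib", "version": "2.3.1",
        "purl": "pkg:npm/examplelib@2.3.1"},
       {"type": "library", "name": "examplelib", "version": "2.3.9",
        "purl": "pkg:pypi/examplelib@2.3.9"}
     ]}
  ]
}
"""

# Constructed advisory (placeholder id): affected if introduced <= version < fixed.
ADVISORY = {"id": "EXAMPLE-0001", "purl_prefix": "pkg:pypi/examplelib@",
            "introduced": "2.0.0", "fixed": "2.4.0"}

def parse_version(text):
    """Simplified assumption: dotted numeric versions only, no pre-release tags."""
    return tuple(int(part) for part in text.split("."))

def walk(components):
    """Yield every component, descending into nested 'components' arrays."""
    for comp in components:
        yield comp
        yield from walk(comp.get("components", []))

def affected_components(sbom_text, advisory):
    bom = json.loads(sbom_text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX JSON SBOM")
    lo = parse_version(advisory["introduced"])
    hi = parse_version(advisory["fixed"])
    hits = []
    for comp in walk(bom.get("components", [])):
        # Match on purl (ecosystem + name); the same name exists in other ecosystems.
        if not comp.get("purl", "").startswith(advisory["purl_prefix"]):
            continue
        if lo <= parse_version(comp["version"]) < hi:
            hits.append(comp["purl"])
    return hits

if __name__ == "__main__":
    print(ADVISORY["id"], affected_components(SBOM_JSON, ADVISORY))
```

Only the nested PyPI component at 2.3.9 is reported: the top-level copy is already at the fixed version, and the npm package merely shares the name.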