
SBOM Generation

SBOM Generation in CI

Definition

SBOM generation in CI automatically creates a Software Bill of Materials as part of the build pipeline, capturing all components, libraries, and their versions at build time. Tools like Syft, Trivy, and CycloneDX generate SBOMs in standard formats (SPDX, CycloneDX) and attach them to container images as OCI attestations.

Automated SBOM generation ensures supply chain transparency at every release.
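One check a pipeline should run between generating the SBOM and attaching it to the image is to confirm the document is actually complete. The script below is an added example, not code from the page or from Syft, Trivy or CycloneDX; it validates a CycloneDX JSON document (a constructed sample is embedded) and reports any component that lacks a name, version or purl, so a build can fail before an incomplete SBOM is attested.

```python
"""CI gate for a freshly generated CycloneDX SBOM (added example).

After a tool such as Syft writes sbom.cdx.json, this check fails the build
if the document is not CycloneDX, records no components, or lists a
component without a name, version or purl (the field that vulnerability
scanners key on). Assumes CycloneDX JSON; SPDX uses a different layout.
"""
import json

# Constructed sample in the shape of cyclonedx-json output, trimmed to the
# fields inspected here. It is not real tool output.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "openssl", "version": "3.0.13",
         "purl": "pkg:deb/debian/openssl@3.0.13"},
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
        # A vendored library the scanner could not resolve: no version, no purl.
        {"type": "library", "name": "leftover-vendored-lib"},
    ],
})


def validate_sbom(raw: str) -> list[str]:
    """Return a list of problems; an empty list means the SBOM passes."""
    problems = []
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    if doc.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not CycloneDX")
    components = doc.get("components") or []
    if not components:
        problems.append("no components recorded")
    for i, comp in enumerate(components):
        name = comp.get("name")
        label = repr(name) if name else f"#{i}"
        if not name:
            problems.append(f"component {label} has no name")
        if not comp.get("version"):
            problems.append(f"component {label} has no version")
        if not comp.get("purl"):
            problems.append(f"component {label} has no purl")
    return problems


if __name__ == "__main__":
    import sys
    # Pass the SBOM path as the first argument; falls back to the sample.
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SBOM
    issues = validate_sbom(raw)
    print("\n".join(issues) or "SBOM OK")
    sys.exit(1 if issues else 0)
```

A non-zero exit stops the job, so the attach-and-attest step only runs on an SBOM that passed.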
