# Guide to dynamic SBOMs: Securing software supply chains in modern development

Guide | Security & Compliance | 2023-03-07 | 5 min read

Learn how SBOMs enhance software supply chain security and help teams identify potential vulnerabilities across the software development lifecycle.

## Key takeaways

- Security teams struggle to manage risks in complex software supply chains as open-source components dominate modern applications. Organizations need visibility into third-party components and software dependencies.
- As development environments and continuous integration accelerate delivery, security vulnerabilities become harder to track. Teams need tools for informed decisions about vulnerability management.
- Software composition analysis and license compliance are critical as regulations expand. Organizations must validate open-source and third-party components throughout the development lifecycle.

In today's threat landscape, comprehensive security solutions are essential for protecting your software ecosystem. A software bill of materials (SBOM) - a detailed inventory of software components - enables security teams to identify and address cyber threats proactively and maintain continuous visibility into their software supply chains.

GitLab research reveals that 69% of global CXOs are shipping software products twice as fast as last year, even as software supply chains grow more complex. With software liability discussions intensifying, clear visibility into potential vulnerabilities is essential. Organizations must understand their exposure across all software dependencies.

Implementing comprehensive SBOMs enables teams to identify vulnerabilities and strengthen software supply chain security through systematic analysis and triage.

Integrating external software dependencies requires sophisticated vulnerability management - and SBOMs make this possible.

## The role of SBOMs in code management
Beyond basic code snippets and source files, SBOMs provide a complete view of your software components. This visibility is crucial for:

- Tracking compliance with licensing requirements across the development lifecycle
- Maintaining detailed software inventories for regulatory compliance
- Managing potential risks in third-party and open-source components
- Implementing proactive security measures throughout the software ecosystem

## Security and compliance for modern applications
As development processes evolve, security solutions must adapt to new challenges. Organizations need:

- Real-time visibility into software inventories and component relationships
- Automated tools for tracking licensing terms and compliance issues
- Standardized formats for sharing software inventories across teams
- Proactive management of security measures and compliance requirements

GitLab's 2024 DevSecOps Report found that while 67% of developers rely heavily on open-source software and third-party components, only 21% leverage SBOMs in their software development lifecycle. This visibility gap in software supply chains creates significant risk - especially as continuous integration practices accelerate development.

SBOMs benefit diverse use cases beyond basic open-source software management. They provide critical insights for projects incorporating commercial third-party components, cross-project integrations, and external code contributions - any scenario where software dependencies impact your broader development environment. Security teams can make more informed decisions about vulnerability management when they have comprehensive visibility into their entire software supply chain.

## Future-proofing your software security
Implementing comprehensive SBOMs is essential for maintaining robust supply chain security. With a robust SBOM strategy, organizations can:

- Maintain accurate software inventories throughout the development lifecycle
- Address compliance requirements proactively
- Manage potential risks in real time
- Ensure consistent security measures across the software ecosystem