What is GitHub’s SBOM (Software Bill of Materials) export and why is it important for security compliance?

Question

Github — Hard

What is GitHub’s SBOM (Software Bill of Materials) export and why is it important for security compliance?

Accepted Answer

GitHub's SBOM export is a crucial feature for security compliance, as it generates SPDX-formatted bills of materials from the dependency graph. This provides a comprehensive inventory of dependencies, versions, and licenses. The correct answer is right because it accurately describes the SBOM's purpose and format. Other options are incorrect because they misrepresent the SBOM's content and purpose.