Today, we're excited to announce the launch of "Software Bill of Materials 101: A Guide for Developers, Security Engineers, and the DevSecOps Community". This eBook is a free and open source resource that provides a comprehensive introduction to all things SBOMs.

Why We Created This Guide

While SBOMs have become increasingly critical for software supply chain security, many developers and security professionals still struggle to understand and implement them effectively. We created this guide to help bridge that knowledge gap, drawing on our experience building popular SBOM tools like Syft.

What's Inside

The eBook covers essential SBOM topics, including:

  • Core concepts and evolution of SBOMs
  • Different SBOM formats (SPDX, CycloneDX) and their use cases
  • Best practices for generating and managing SBOMs
  • Real-world examples of SBOM deployments at scale
  • Practical guidance for integrating SBOMs into DevSecOps pipelines

We've structured the content to be accessible to newcomers while providing enough depth for experienced practitioners looking to expand their knowledge.

Community-Driven Development

This guide is published under an open source license and hosted on GitHub at https://github.com/anchore/sbom-ebook. The collective wisdom of the DevSecOps community will strengthen this resource over time. We welcome contributions, whether fixes, new content, or translations.

Getting Started

You can read the guide online, download PDF/ePub versions, or clone the repository to build it locally. The source is in Markdown format, making it easy to contribute improvements.

Join Us

We invite you to:

  1. Read the guide at https://github.com/anchore/sbom-ebook
  2. Star the repository to show your support
  3. Share feedback through GitHub issues
  4. Contribute improvements via pull requests
  5. Help spread the word about SBOM best practices

The software supply chain security challenges we face require community collaboration. We hope this guide advances our collective understanding of SBOMs and their role in securing the software ecosystem.

