An SBOM must explicitly state the depth of the components, including all primary components and their transitive dependencies, ensuring top-level dependencies are detailed enough to identify all subsequent dependencies recursively.

Authors

• Person: Not available Organization: Department for Science, Innovation and Technology
  Open source software best practices and supply chain risk ... - GOV.UK

Sources

• Open source software best practices and supply chain risk ... - GOV.UK www.gov.uk Department for Science, Innovation and Technology via serper

Referenced by nodes (1)

• Software Bill of Materials (SBOM) concept