Software Bill of Materials (SBOM)

SBOM: Understanding What's Inside Your Software ​

The Escrow Company Software Bill of Materials (SBOM) service offers organizations a comprehensive inventory of all components, libraries, and dependencies contained within software source code, including open-source and third-party elements. 

As well as being an important part of modern Supply Chain Security and Vulnerability Management strategies, Governments and regulatory bodies are increasingly mandating or recommending SBOMs as part of broader efforts to strengthen software supply chain security.  

An SBOM can be provided on its own, or combined with a Software Escrow or SaaS Escrow agreement to provide additional assurance that software composition is transparently documented for the Beneficiary. 

Using reachability analysis and dependency mapping, the CBOM provides visibility into both direct and hidden cryptographic risks across modern software supply chains

server farm

Why SBOM Matters ​

Modern software applications often rely on a combination of proprietary code, open-source libraries, and third-party components. 

Understanding what is contained within a software application is becoming increasingly important for software governance, supplier management, due diligence, mergers and acquisitions as well as long-term software supportability. 

An SBOM provides transparency into software composition, helping organisations better understand the components that underpin critical software systems  within them. 

For beneficiaries of Software Escrow and SaaS Escrow agreements, this can provide additional visibility into the software assets upon which they depend. 

What the SBOM Assessment Includes:

The Escrow Company SBOM service includes: 

  • Software component inventory  
  • Open-source dependency discovery  
  • Third-party library identification  
  • Dependency mapping (can be included as a component) 
  • The assessment analyses both proprietary software and third-party dependencies to produce a comprehensive inventory of the components that make up an application. 

SBOM Deliverables: ​

The SBOM assessment produces three core deliverables: 

Detailed Results 

Delivered in JSON format for use by technical teams. 

Human-Readable Excel Report 

Designed to provide a clear inventory of software components and dependencies. 

Executive Summary Report 

A high-level summary report provided  outlining key findings and observations.

developer

Built for Modern Software Environments ​

The SBOM service can be applied to: 

  • Third-party software as part of Software Escrow and SaaS Escrow agreements  
  • In-house developed applications  
  • Applications containing open-source components  
  • Software developed by third-party or subcontracted development teams  

Supporting Software Transparency

An SBOM provides a structured inventory of the software components contained within an application. 

For beneficiaries, it offers additional visibility into software composition as part of an escrow arrangement. For software vendors, it demonstrates transparency around the components used within their software products. 

As software ecosystems continue to grow in complexity, organisations are increasingly seeking greater visibility into the software assets they depend upon and the third-party components that support them. 

Looking for an SBOM?​

  • Comprehensive inventory of the components that make up your application. ​
  • Detailed report in JSON format, a human-readable Excel report and a high level executive summary.​
  • Global footprint with offices in London (HQ) UK, Atlanta, USA, and Sydney, Australia.
Leading Companies Trust The Escrow Company
AIG
ub
DFE
five guys
aus
ELFUJ80
standard chartered
bp
pfizer

YES! I want a free quote

If you have any questions about our services or would like to receive a free quote, simply fill in your details and we will be in touch with you.

Needs to be in international format, please include + country code