xBOM provides a single artifact that collects the various BOMs created from multiple sources. For example, software related BOMs can be created by analyzing the software stack using static code analysis, binary scanning, and configuration reviews. These BOMs can be produced and maintained through automated tools that as part of secure development workflows or during third-party software evaluations. SaaSBOMs can be generated through a combination of API discovery, inventory mapping tools, software binary analysis, and integration with IT asset management or SaaS management platforms.
Hardware related BOM can be created from design software and component specifications. While BOMs related to product operations can capture details about configurations, operating systems, and other dependencies from testing, staging, or production environments.