SBOM is a formalized component inventory with standardized data fields and exchange formats (SPDX, CycloneDX) that enables security leaders to automatically track vulnerable components in the supply chain.