mirror of synced 2026-01-05 03:06:35 -05:00
docs/data/reusables/dependency-graph/sbom-intro.md
2023-06-21 16:03:41 +00:00

An SBOM (software bill of materials) is a formal, machine-readable inventory of a project's dependencies and associated information (such as {%ifversion ghes %}versions and package identifiers{%else %}versions, package identifiers, and licenses{% endif %}). SBOMs help reduce supply chain risk by:

  • providing transparency about the dependencies used by your repository
  • allowing vulnerabilities in those dependencies to be identified early in the development process
  • providing insight into the license compliance, security, or quality issues that may exist in your codebase
  • enabling you to better comply with various data protection standards
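
As an added example, not code from this docs page or from GitHub's own tooling: a short Python script that reads a constructed SPDX 2.3 JSON document (the format the dependency graph's SBOM export produces), pulls out the inventory fields named above (name, version, package identifier, license), and flags the packages an advisory match or license review cannot resolve because the version, the package URL, or the license is missing. The sample document and package names are made up for illustration.

```python
"""Read an SPDX 2.3 JSON SBOM and extract name, version, purl and license per package.

The SAMPLE_SBOM below is a constructed document, not taken from any real repository.
"""
import json

SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "com.github.example/demo-app",   # constructed document name
    "packages": [
        {
            "SPDXID": "SPDXRef-npm-lodash-4.17.21",
            "name": "npm:lodash",
            "versionInfo": "4.17.21",
            "licenseConcluded": "MIT",
            "externalRefs": [
                {"referenceCategory": "PACKAGE-MANAGER",
                 "referenceType": "purl",
                 "referenceLocator": "pkg:npm/lodash@4.17.21"}
            ],
        },
        {
            "SPDXID": "SPDXRef-pip-requests-2.31.0",
            "name": "pip:requests",
            "versionInfo": "2.31.0",
            # SPDX uses NOASSERTION when the license could not be determined.
            "licenseConcluded": "NOASSERTION",
            "externalRefs": [
                {"referenceCategory": "PACKAGE-MANAGER",
                 "referenceType": "purl",
                 "referenceLocator": "pkg:pypi/requests@2.31.0"}
            ],
        },
        {
            # No version and no purl: cannot be matched precisely against advisories.
            "SPDXID": "SPDXRef-go-golang.org-x-crypto",
            "name": "go:golang.org/x/crypto",
            "licenseConcluded": "BSD-3-Clause",
            "externalRefs": [],
        },
    ],
})


def load_inventory(sbom_json: str) -> list[dict]:
    """Return one record per SPDX package with name, version, purl and license."""
    doc = json.loads(sbom_json)
    inventory = []
    for pkg in doc.get("packages", []):
        # The package URL lives in externalRefs with referenceType "purl".
        purl = next(
            (ref["referenceLocator"] for ref in pkg.get("externalRefs", [])
             if ref.get("referenceType") == "purl"),
            None,
        )
        inventory.append({
            "name": pkg.get("name"),
            "version": pkg.get("versionInfo"),
            "purl": purl,
            # Prefer the concluded license; fall back to the declared one.
            "license": pkg.get("licenseConcluded") or pkg.get("licenseDeclared"),
        })
    return inventory


def find_gaps(inventory: list[dict]) -> dict[str, list[str]]:
    """Flag packages that an advisory match or license review cannot resolve."""
    gaps = {"no_version": [], "no_purl": [], "no_license": []}
    for rec in inventory:
        if not rec["version"]:
            gaps["no_version"].append(rec["name"])
        if not rec["purl"]:
            gaps["no_purl"].append(rec["name"])
        if rec["license"] in (None, "NOASSERTION", "NONE"):
            gaps["no_license"].append(rec["name"])
    return gaps


if __name__ == "__main__":
    inv = load_inventory(SAMPLE_SBOM)
    for rec in inv:
        print(f'{rec["name"]:<26} {rec["version"] or "?":<10} '
              f'{rec["license"] or "?":<14} {rec["purl"] or "-"}')
    print(find_gaps(inv))
```

Running the script against a real export is the same call with the downloaded file's contents passed to `load_inventory`; the `find_gaps` output is the list of entries to chase down before relying on the SBOM for vulnerability or license reporting.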