SBOM & VEX Workflows
A Software Bill of Materials (SBOM) records the software components in a product or release. A Vulnerability Exploitability eXchange (VEX) record explains whether a known vulnerability in one of those components affects the product.