Core Concepts
Foundational concepts for SBOM and VEX operations
The operational model references these concepts throughout its workflows and guidance. Read them in any order.
Software Bill of Materials (SBOM)
What an SBOM contains, how products and components relate, and which formats encode that information.
Vulnerability Exploitability eXchange (VEX)
How VEX communicates whether a known vulnerability affects a specific product.
Maturity Levels
Operational characteristics that distinguish L1 and L2 SBOM maturity.