software bill of materials

A manifest which uniquely identifies and enumerates the software dependencies contained within a codebase, software artifact, or runtime container. In a security context, it is used to track the chain of custody of software components and to ensure that the components are free of known vulnerabilities.