L2 | Standard | Forward-looking

6.5 Software Bill of Materials

6. Supply Chain Integrity: How do we trust components?

Description

Agents MUST have a complete SBOM listing all components and dependencies.

Rationale

SBOMs enable rapid vulnerability response by identifying affected components.

Audit Procedure

1. Check for SBOM file
2. Verify SBOM includes all dependencies
3. Check SBOM format compliance
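The three audit steps as a script, added here as an example and not part of the control text. It assumes the SBOM is CycloneDX JSON (bomFormat/specVersion/components) and that the build's resolved dependency set is available as name/version pairs; both the sample SBOM and the dependency list are constructed.

```python
"""Audit a CycloneDX-style SBOM (constructed sample) against the dependency set
the build actually resolved: file parseable, all deps covered, format fields present."""
import json

# Constructed sample SBOM in CycloneDX JSON shape, as a build tool might emit it.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0"},
        {"type": "library", "name": "urllib3", "version": "2.0.7"},
    ],
})
# Constructed: what the build's lockfile resolved (name -> version). certifi is
# deliberately absent from the SBOM above so the audit has something to flag.
RESOLVED_DEPS = {"requests": "2.31.0", "urllib3": "2.0.7", "certifi": "2023.7.22"}

REQUIRED_TOP_LEVEL = ("bomFormat", "specVersion", "components")
REQUIRED_COMPONENT = ("type", "name", "version")


def check_format(sbom):
    """Step 3: structural compliance. Returns a list of problems (empty = OK)."""
    problems = [f"missing top-level field: {k}" for k in REQUIRED_TOP_LEVEL if k not in sbom]
    if sbom.get("bomFormat") != "CycloneDX":
        problems.append(f"unexpected bomFormat: {sbom.get('bomFormat')!r}")
    for i, comp in enumerate(sbom.get("components", [])):
        problems += [f"component[{i}] missing {k}" for k in REQUIRED_COMPONENT if not comp.get(k)]
    return problems


def check_coverage(sbom, resolved):
    """Step 2: every resolved dependency must be listed with the same version."""
    listed = {c.get("name"): c.get("version") for c in sbom.get("components", [])}
    missing = sorted(n for n in resolved if n not in listed)
    mismatched = sorted(n for n, v in resolved.items() if n in listed and listed[n] != v)
    return {"missing": missing, "version_mismatch": mismatched}


def audit_sbom(sbom_text, resolved):
    """Step 1 is the parse itself; an unparseable SBOM fails closed."""
    try:
        sbom = json.loads(sbom_text)
    except json.JSONDecodeError as exc:
        return {"ok": False, "format": [f"unparseable SBOM: {exc}"], "coverage": None}
    fmt, cov = check_format(sbom), check_coverage(sbom, resolved)
    ok = not fmt and not cov["missing"] and not cov["version_mismatch"]
    return {"ok": ok, "format": fmt, "coverage": cov}
```

Run against the constructed data the audit fails because certifi was resolved by the build but never made it into the SBOM, which is exactly the gap step 2 exists to catch.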

Remediation

1. Generate SBOM during build
2. Include in release artifacts
3. Extend to Agent BOM (ABOM) for AI agents

Framework Mappings

CIS Control 2.1; NIST ID.AM-1