An SBOM is a critical step for software supply chain security, but it is only the second act in a five-act play. An SBOM is a static list of the name, version, license, and known vulnerabilities of the open-source components used to develop and build a piece of software. It is important for quality control and a crucial step for software supply chain security, but SBOMs leave large parts of the software supply chain in the dark. OX Security’s PBOM standard shines a light on those dark places: it scans the full software supply chain, ensures the integrity of every build, verifies the security of all apps in production, and minimizes the attack surface.