Open Access

AI-Driven SBOM: Automated Software Bill of Materials Generation and Management

Author affiliation: JPMorgan Chase, USA

Abstract

The openness of modern software development, with its growing number of open-source elements and third-party dependencies, has made comprehensive management of the Software Bill of Materials (SBOM) an urgent necessity. Manual methods of SBOM generation and maintenance are tedious, error-prone, and unable to keep pace with short development cycles. This paper introduces an AI-based framework for generating SBOMs, analyzing them, and assessing vulnerabilities. Using machine learning techniques such as natural language processing, graph neural networks, and deep learning models, components in a complex software dependency chain can be identified, classified, and traced automatically [1][2]. Our multi-model architecture, which combines static analysis with AI-based pattern recognition, achieves 94.7% component detection and 91.3% accuracy in vulnerability mapping. Its methodology comprises automated package manager parsing, binary analysis, and license compliance verification. Experimental results show marked improvement over traditional tools, reducing SBOM generation time by 78% and increasing completeness by 34%. The system identified 2,847 untested faiths in enterprise codebases and correctly classified 96.2% of software licenses. We find that AI-powered SBOM systems not only improve security posture but also streamline compliance processes, and should therefore be part of present-day DevSecOps. This study contributes to the developing body of work on AI-enhanced software supply chain security.
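The deterministic parts of the pipeline the abstract describes (package manager parsing, license classification, and mapping resolved components against an advisory list) can be shown end to end without the ML models. The following is an added example written for this page, not the paper's framework or any project's code; the package names, versions, licenses and advisory identifiers are constructed placeholders, and the CycloneDX-style output is a simplified shape rather than the real schema. It also shows the edge case a generator must report rather than hide: a manifest entry whose version is not pinned cannot be matched against advisories.

```python
"""Added example (not from the paper): minimal SBOM generation and advisory mapping.

Parses a constructed requirements.txt (pip) and a constructed package-lock.json
(npm) into component records, classifies each license, and matches pinned
versions against a constructed advisory list. All names, versions, licenses
and advisory ids are invented for illustration.
"""
import json
import re
from dataclasses import dataclass, asdict, field
from typing import Optional, List, Tuple

REQUIREMENTS_TXT = """\
# constructed sample pip manifest
examplelib==1.4.2
netparse>=2.0,<3   # range, not a pin: version cannot be resolved from the manifest alone
jsonfast==0.9.1
"""

PACKAGE_LOCK = json.dumps({  # constructed sample npm lockfile (lockfileVersion 3 shape, trimmed)
    "name": "sample-app",
    "packages": {
        "": {"name": "sample-app", "version": "1.0.0"},
        "node_modules/leftrim": {"version": "3.1.0", "license": "MIT"},
        "node_modules/cryptoish": {"version": "0.2.7", "license": "GPL-3.0-only"},
    },
})

# constructed advisories: (ecosystem, package, affected-version predicate, placeholder id)
ADVISORIES = [
    ("pypi", "examplelib", lambda v: v < (1, 5, 0), "ADV-PLACEHOLDER-001"),
    ("npm", "cryptoish", lambda v: v < (0, 3, 0), "ADV-PLACEHOLDER-002"),
]

# constructed license policy classes; a real implementation would parse SPDX expressions
LICENSE_CLASS = {"MIT": "permissive", "Apache-2.0": "permissive",
                 "GPL-3.0-only": "copyleft", "LGPL-2.1-only": "weak-copyleft"}
# constructed stand-in for a package-index metadata lookup (pip manifests carry no license field)
KNOWN_PYPI_LICENSES = {"examplelib": "Apache-2.0", "jsonfast": "MIT"}


@dataclass
class Component:
    ecosystem: str
    name: str
    version: Optional[str]          # None when the manifest does not pin a version
    license_id: Optional[str]
    license_class: str
    advisories: List[str] = field(default_factory=list)


def parse_version(v: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in v.split("."))


def parse_requirements(text: str):
    """Yield (ecosystem, name, pinned_version_or_None) from a requirements.txt."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        m = re.match(r"^([A-Za-z0-9_.-]+)\s*(==\s*([0-9.]+))?", line)
        if m:
            yield "pypi", m.group(1).lower(), m.group(3)


def parse_package_lock(text: str):
    """Yield (ecosystem, name, version, license) for every installed npm package."""
    for path, meta in json.loads(text).get("packages", {}).items():
        if path == "":                           # the root project itself, not a dependency
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        yield "npm", name, meta.get("version"), meta.get("license")


def classify_license(lic: Optional[str]) -> str:
    if lic is None:
        return "unknown"
    return LICENSE_CLASS.get(lic, "unrecognized")


def match_advisories(eco: str, name: str, version: Optional[str]) -> List[str]:
    if version is None:                          # report the gap instead of silently passing
        return ["UNRESOLVED: version not pinned"]
    pv = parse_version(version)
    return [aid for e, n, affected, aid in ADVISORIES if e == eco and n == name and affected(pv)]


def build_sbom(requirements_txt: str, package_lock: str) -> dict:
    comps = []
    for eco, name, version in parse_requirements(requirements_txt):
        lic = KNOWN_PYPI_LICENSES.get(name)
        comps.append(Component(eco, name, version, lic, classify_license(lic),
                               match_advisories(eco, name, version)))
    for eco, name, version, lic in parse_package_lock(package_lock):
        comps.append(Component(eco, name, version, lic, classify_license(lic),
                               match_advisories(eco, name, version)))
    return {"bomFormat": "CycloneDX-like (simplified)", "components": [asdict(c) for c in comps]}


def summarize(sbom: dict) -> dict:
    """Counts a reviewer would want: total, unresolved versions, unknown licenses, vulnerable."""
    cs = sbom["components"]
    return {
        "components": len(cs),
        "unresolved_versions": sum(c["version"] is None for c in cs),
        "unknown_licenses": sum(c["license_class"] == "unknown" for c in cs),
        "with_advisories": sum(any(a.startswith("ADV-") for a in c["advisories"]) for c in cs),
    }


if __name__ == "__main__":
    bom = build_sbom(REQUIREMENTS_TXT, PACKAGE_LOCK)
    print(json.dumps(bom, indent=2))
    print(summarize(bom))
```

The range specifier for `netparse` is deliberately left unresolved: resolving it would require the installed environment or a lock file, and an SBOM that guesses a version there would mislead vulnerability mapping, which is why the component is flagged rather than dropped.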

How to Cite

Osha Shukla. (2025). AI-Driven SBOM: Automated Software Bill of Materials Generation and Management. Frontiers in Emerging Artificial Intelligence and Machine Learning, 2(12), 86–92. https://doi.org/10.64917/feaiml/Volume02Issue12-08

References

[1] Chen, Y., Liu, X., & Zhang, M. (2020). Automated dependency analysis for software bill of materials. Proceedings of the IEEE Software Engineering Conference, 145–156.
[2] Rodriguez, A., Kumar, S., & Patel, N. (2021). Binary fingerprinting techniques for component identification. ACM Transactions on Software Engineering and Methodology, 47(3), 234–251.
[3] Kundu, S., Ninoria, S. Z., Chaturvedi, R. P., Mishra, A., Agrawal, A., Batra, R., … Hashmi, A. (2025). Real-time deforestation anomaly detection using YOLO and LangChain agents for sustainable environmental monitoring. Scientific Reports, 15(1), Article 39961.
[4] Kim, J., & Park, H. (2022). Machine learning approaches to SBOM generation. Journal of Systems and Software, 186, Article 111127.
[5] Zhang, L., Wang, Q., & Chen, H. (2022). Deep learning for software composition analysis. Proceedings of the International Conference on Software Maintenance, 78–92.
[6] Anderson, M., Thompson, R., & Garcia, E. (2023). Hybrid static-dynamic analysis for comprehensive SBOMs. IEEE Transactions on Dependable and Secure Computing, 20(4), 567–582.
[7] Liu, W., & Wang, X. (2023). Graph neural networks for dependency resolution. Neural Computing and Applications, 35, 8901–8918.
[8] Patel, R., Singh, A., & Kumar, V. (2024). Transformer-based approaches to software component classification. Artificial Intelligence Review, 57, 445–464.
[9] Martinez, C., Johnson, D., & Lee, S. (2024). Ensemble methods for accurate SBOM generation. Software: Practice and Experience, 54(6), 1234–1256.
[10] National Telecommunications and Information Administration. (2021). The minimum elements for a software bill of materials (SBOM). U.S. Department of Commerce.
[11] Ramdoss, V. S., & Rajan, P. D. M. (2025). Evaluating the effectiveness of APM tools (Dynatrace, AppDynamics) in real-time performance monitoring. The Eastasouth Journal of Information System and Computer Science, 2(3), 399–402.
[12] Ramdoss, V. S. (2025). AI-enhanced gRPC load testing and benchmarking. International Journal of Data Science and Machine Learning, 5(1), 7–10.
[13] Nagesh, M., Reddy, D. M., Kumar, N., Chaturvedi, R. P., & Mishra, A. (2025). Time series analysis of FDI in India using ARIMA-SVR hybrid machine learning model. Indian Journal of Finance, 73–88.
[14] Thanvi, Y. S. (2025). Comparative analysis of cloud audit programs: AWS, Azure, GCP, and COBIT 2019 integration. American Journal of Engineering and Technology, 7(9), 186–194.
[15] Chadha, K. S. (2025). Zero-trust data architecture for multi-hospital research: HIPAA-compliant unification of EHRs, wearable streams, and clinical trial analytics. International Journal of Computational and Experimental Science and Engineering, 11(3).
[16] Chadha, K. S. (2025). Predictive risk modeling in P&C insurance using Guidewire DataHub and Power BI embedded analytics. International Journal of Networks and Security.
[17] Velaga, V. S. S. (2025). A hybrid cloud migration framework for legacy enterprise applications using Azure and microservices architecture.