What is SBOM generation and usage in GAS used for?

Prepare for the GitHub Advanced Security Certification Test. Practice with multiple choice questions, detailed explanations, and hints. Achieve success on your first attempt!

Multiple Choice

What is SBOM generation and usage in GAS used for?

Explanation:
SBOMs (Software Bills of Materials) are inventories of the software components that make up a product. Generating an SBOM in GAS collects the components, their versions, licenses, and how they depend on one another, creating a formal map of what’s inside the software. This mapping enables supply chain transparency because it provides a verifiable, machine-readable record that can be shared with teams, vendors, and auditors to understand what components are present, where they come from, and what risks they may carry. In practice, GAS uses SBOMs to help identify vulnerable dependencies, track license compliance, and support governance and remediation workflows—knowing exactly which component introduces a vulnerability or license obligation makes it easier to fix or replace. The other options don’t fit because SBOMs are about inventory and transparency of software components, not about speeding compilation, reducing binary size, or encrypting code.
