If you look at XZ utils or Log4j, it has become clear that serious software vulnerabilities are not isolated incidents.
While the origin of the issues differ, anyone who has had to track down the impact of these problems knows that finding the impact and remediating them is a time-consuming process. Software Bill of Materials (SBOM) help with specific applications but understanding and risking the overall impact is difficult.

I have recently integrated SBOM ingestion into Nodestream to help with this problem, and allow you to gain more complete visibility into software components and dependencies.

If you're interested in more details, please check out the recent blog post on Software Vulnerability Analysis using SBOMs, Amazon Neptune, and Nodestream.