The Software Bill of Materials (SBOM) has emerged as a promising way to strengthen software supply chain security by providing a machine-readable inventory of the components a piece of software contains. This paper presents an extensive empirical study of SBOM practice. Drawing on an analysis of 4,786 GitHub discussions from 510 SBOM-related projects, we identify the key topics, challenges, and solutions that arise in the effective use of SBOMs. We also examine the tools and frameworks commonly used to generate SBOMs and discuss their respective strengths and limitations. Our findings highlight the central role SBOMs play in resilient software development and the need for their broad adoption to strengthen supply chain security. The insights from this study are intended as input for future research and development in this area.