Data Model for SBOM release notes

  • Release version: Store
  • Updated June 11, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Data Model for SBOM Release Notes

    The Data Model for SBOM application on the ServiceNow Store provides a structured framework to manage Software Bill of Materials (SBOM) data. It supports uploading, parsing, ingesting, and tracking SBOMs, enabling customers to improve software supply chain security and compliance. The release notes detail enhancements, fixes, and new features across multiple versions to align with evolving security standards and operational needs.

    Show full answer Show less

    Key Features

    • Security and Compliance Enhancements: Updates to SBOM Data Model tables to comply with ServiceNow Platform Security guidelines, including read-only dictionary fields and refined fix scripts to avoid update conflicts.
    • Improved BOM Processing: Addition of new status options like "Timeout" for BOM documents, and tracking fields such as processing start time and duration to monitor and analyze BOM processing workflows effectively.
    • Data Model Optimization: Introduction of new indexes on critical tables to enhance query performance, and new fields to support asynchronous processing and direct storage of component hash values (SHA-256).
    • License and Dependency Management: Support for License administration modules and improved navigation of component dependencies by enabling related lists and removing duplicate filters.
    • Bulk Operations: Capability to delete BOM entity records and their components in bulk from the Software Bill of Materials Workspace, facilitating easier data management.
    • Role-Based Access Control (RBAC): Addition of new roles and Access Control Lists (ACLs) to enhance security and control over sensitive SBOM data tables.
    • Support for DevOps and PURL Validation: Data model enhancements to manage unique SBOMs for multiple builds and to validate Package URLs (PURLs), improving integration with DevOps processes.
    • Initial Release Functionality: Core tables, ACLs, and roles required to upload and process SBOM data were established in the initial release.

    Key Outcomes

    • Customers can securely manage SBOM data with improved compliance to security directives and platform standards.
    • Enhanced tracking and status options enable better monitoring of SBOM processing and timely identification of workflow issues.
    • Performance improvements via indexing and data model refinements support faster queries and efficient data handling.
    • Expanded capabilities for license management and component dependencies allow for more comprehensive software supply chain analysis.
    • Bulk edit and deletion features simplify administration of large SBOM datasets.
    • Stronger access controls protect sensitive SBOM data while supporting collaborative workflows.
    • Support for DevOps and PURL validation aligns SBOM management with modern software development practices.

    Version history for the Vulnerability Response Data Model for SBOM application on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 4.2.4 - June 2026
    • The following enhancements and changes support internal security directives:
      • Updates for the SBOM Data Model tables to align with ServiceNow Platform Security guidance.
      • Read-only dictionary fields for SBOM Data Model tables.
      • Renamed fix script to a per-plugin name to avoid update-set conflicts with sibling Security Operations plugins.
    Version 4.2.2 - April 2026
    • New:
      • Added "Timeout" status option to the BOM document status field to help you better track BOMs that exceed their processing time limits.
      • Introduced new tracking fields on BOM document records, including processing_started(timestamp when processing begins) and processing_duration(total time spent in processing), enabling you to better monitor and analyze BOM processing workflows.
    Version 4.2.1 - December 2025
    • Fixed:
      • Fixed an issue where the Activity tab in SBOM License records failed to persist historical state changes.
      • Enabled the “Depends on” related list for intermediate SBOM entities and removed duplicate active filters for accurate dependency navigation.
    Version 4.1.1 - August 2025
    New:Added new indexes to improve query performance on key tables: unique indexes for contact information (phone/email/name), build-component relationships, component dependencies, external references, and component hashes. Enhanced the sn_sbom_component table with two new fields: unprocessed_sbom_data to store non-critical attributes as JSON for asynchronous processing, and hash_sha256 for direct storage of the component's SHA-256 hash value.
    Version 4.0.0 - February 2025
    Improvements to support deleting BOM entity records and their related components from the Software Bill of Materials Workspace with bulk edit.
    Version 3.0.5 - December 2024
    Fixed: Minor fix for this release.
    Version 3.0.4 - November 2024
    New: Data model improvements to support the License administration module.
    Version 2.0.2 - August 2024
    New: Table improvements to support new features in SBOM Response and SBOM Core.
    Version 1.4.3 - May 2024
    New: Data model and framework enhancements to support DevOps use cases that require unique SBOMs for the multiple builds of a BOM Entity.
    Version 1.3.1 - February 2024
    Updated data model to support PURL validation and author of the BOM document.
    Version 1.1.2 - November 2023
    • Changed:
      • Added Report View ACL to the [sn_sbom_m2m_bom_comptable] table.
      • Added New Roles and ACL to the [sn_sbom_doc] table.
    Version 1.0.4 - September 2023
    New: Display name is a new field on the BOM Component table. The Display name field uses the name and version as the displayed value of a component.
    Version 1.0.3 - August 2023
    Initial release: This application includes the tables, ACLs, and roles that are required to upload, parse, and ingest SBOM data.