- Type: Improvement
- Resolution: Unresolved
- Priority: Minor - P4
- Affects Version/s: None
- Component/s: None
The Server SBOM (10gen/mongo/sbom.json), while diligently maintained manually by the Server team, lacks accuracy and depth in some areas.
R&D Security will rebuild the SBOM to better meet the NTIA Minimum Elements for Software Bill of Materials and OWASP Software Component Verification Standard (SCVS) Level 1, and to include the necessary component identifiers for vulnerability discovery and VEX responses.
This is in support of efforts to automate the SBOM generation (RNDSEC-1151).