Company:
Date Published:
Author: Ciara Carey
Word count: 2691
Language: English
Hacker News points: None

Summary

An accurate Software Bill of Materials (SBOM) provides critical information about the components, licenses, and dependencies in a software product, enabling users to evaluate its risk and take proactive measures to secure their systems. SBOMs can be generated at various stages of the build lifecycle, including from source code, at build time, from container images, and at runtime. The NTIA recommends generating an SBOM for every new release of a component, while open-source tooling such as Sigstore, CycloneDX, Syft, Grype, and Trivy helps automate SBOM workflows and integrate them into software pipelines. Cloudsmith's artifact repository integrates with Cosign to host SBOMs in an OCI registry. Runtime tools capture the exact libraries loaded by the application, providing a more detailed view of the software's dependencies than a static scan. Validating an SBOM means checking that it conforms to its format specification, while verifying an SBOM means checking its cryptographic signature. The Vulnerability Exploitability eXchange (VEX) provides vulnerability status information for the components listed in an SBOM, complementing the SBOM and offering remediation steps where necessary. Despite advances in SBOM tooling and adoption, important questions remain, such as the completeness of SBOMs and the accuracy of tools at different stages of the build lifecycle. Initiatives to improve SBOM tooling and training are underway, aiming to make useful and accurate SBOMs available for all ecosystems.