Syft, Grype, Cosign, and Cloudsmith are tools that can improve supply chain security workflows by enhancing visibility and preventing disasters like Log4J. Software Bill of Materials (SBOMs) is a list of all components in a software product, which can help identify vulnerabilities and ensure trust in the software supply chain. Sift and Grype are tools used to generate SBOMs, while Cosign and Cloudsmith provide integration with these tools to host and analyze SBOMs. The future of SBOMs involves making them actionable, integrating tooling into CI/CD workflows, and providing interfaces for users to bring in custom information. As the community matures, we can expect to see more seamless integration of SBOMs into the software ecosystem.