Software plays a crucial role in modern life, and managing its development lifecycle requires effective control over binaries and their metadata. Binaries, or software packages, contain essential data, and their associated metadata provides valuable insight into their lifecycle, including creation dates, checksums, and user actions. Efficient management of binary metadata allows for operations such as retention policy creation, event marking, and security vulnerability checks.

JFrog Artifactory offers a solution with its open-source tool, build-info, which records a comprehensive set of information during the build process and stores it in JSON format. The build-info includes details such as build modules, dependencies, source code repository information, and environment variables, all of which are crucial for software supply chain security.

By frequently matching the list of dependencies against a vulnerability database, developers can ensure that builds remain secure. JFrog's approach, using tools like JFrog Xray, exemplifies how build-info can be used for security scanning and for alerting developers to vulnerabilities, ensuring that only secure binaries are released.
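The dependency-matching step described above can be sketched as follows. This is an added example, not JFrog's code and not a description of how Xray works internally. The field names `modules`, `dependencies`, `id`, `sha256` and `scopes` follow the build-info JSON layout; the sample document, checksums, advisory identifiers and the functions `scan_build` and `release_allowed` are constructed for illustration.

```python
import json

# Constructed build-info document, trimmed to the fields used here.
BUILD_INFO = json.loads("""
{
  "name": "demo-app", "number": "42",
  "modules": [
    {"id": "org.example:demo-app:1.0.0",
     "dependencies": [
       {"id": "org.example:parser:2.1.0", "sha256": "aa11", "scopes": ["compile"]},
       {"id": "org.example:logger:1.4.2", "sha256": "bb22", "scopes": ["compile"]},
       {"id": "org.example:testkit:0.9.0", "scopes": ["test"]}
     ]},
    {"id": "org.example:demo-cli:1.0.0",
     "dependencies": [
       {"id": "org.example:parser:2.1.0", "sha256": "aa11", "scopes": ["runtime"]}
     ]}
  ]
}
""")

# Constructed advisory feed keyed by lowercase checksum; ids are placeholders.
ADVISORIES = {"aa11": ["EXAMPLE-ADVISORY-0001"]}

def scan_build(build_info, advisories):
    """Return (findings, unverifiable) across every module of the build.

    Matching is done on the recorded sha256, not the dependency name, so a
    renamed or re-published file with the same content is still caught.
    Dependencies without a sha256 cannot be matched and are reported separately.
    """
    findings, unverifiable = [], []
    build = f'{build_info["name"]}/{build_info["number"]}'
    for module in build_info.get("modules", []):
        for dep in module.get("dependencies", []):
            digest = dep.get("sha256")
            if not digest:
                unverifiable.append((module["id"], dep.get("id")))
                continue
            for advisory in advisories.get(digest.lower(), []):
                findings.append({"build": build, "module": module["id"],
                                 "dependency": dep["id"], "advisory": advisory})
    return findings, unverifiable

def release_allowed(build_info, advisories):
    """Release gate: block on any match or any dependency that was not checkable."""
    findings, unverifiable = scan_build(build_info, advisories)
    return not findings and not unverifiable
```

Because the build-info is stored after the build, the same document can be rescanned whenever the advisory feed changes, without rebuilding.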