We've added a new flag, --sbom, to both the build and bake commands in our CLI. It can generate a Software Bill of Materials (SBOM) on every build. In addition, you can also specify a --sbom-dir parameter to have the generated SBOMs written to a local directory that you can then upload to your own SBOM analysis tools.

depot build --sbom=true --sbom-dir=sboms .
depot bake --sbom=true --sbom-dir=sboms -f docker-bake.hcl

You can read more about downloading SBOMs in Depot in our SBOM announcement post.