As the importance of software supply chain security continues to grow, ensuring the reliability and consistency of Software Bills of Materials (SBOM) has emerged as a critical challenge. In this study, we propose an automated method to detect potential forgeries and analyze component-level modifications by analyzing the semantic similarity between SBOM documents generated from different versions of the same software project. Using a publicly available SBOM dataset, each document is embedded with a pre-trained language model and compared using cosine similarity. Subsequently, structural differences are identified through dedicated large language model (LLM)-based agents, implemented via OpenAI GPT-4o, which generate human-readable explanation reports that highlight suspicious changes. Experimental results demonstrate that the proposed method outperforms traditional comparison techniques in both forgery detection accuracy and interpretability of change history. This research contributes to the automation of SBOM-based security auditing and provides a foundational approach for the development of trustworthy change tracking tools in the software supply chain domain.
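As an added illustration of the component-level comparison the abstract describes (example code, not the authors' implementation), the block below diffs two constructed CycloneDX-style SBOM dictionaries and computes a cosine similarity between them. It assumes the CycloneDX component layout shown, replaces the pre-trained language-model embedding with a plain name@version term-frequency vector so it runs offline, and uses a "same version, different hash" rule of its own as the flag for changes an auditor should examine.

```python
from collections import Counter
import math

# Constructed sample SBOMs (CycloneDX-style, not real project data).
SBOM_V1 = {"components": [
    {"name": "libfoo", "version": "1.2.0", "hashes": [{"alg": "SHA-256", "content": "aaa111"}]},
    {"name": "libbar", "version": "3.0.1", "hashes": [{"alg": "SHA-256", "content": "bbb222"}]},
    {"name": "libbaz", "version": "0.9.0", "hashes": [{"alg": "SHA-256", "content": "ccc333"}]},
]}
SBOM_V2 = {"components": [
    {"name": "libfoo", "version": "1.2.0", "hashes": [{"alg": "SHA-256", "content": "ddd444"}]},  # same version, new hash
    {"name": "libbar", "version": "3.1.0", "hashes": [{"alg": "SHA-256", "content": "eee555"}]},  # ordinary upgrade
    {"name": "libqux", "version": "2.0.0", "hashes": [{"alg": "SHA-256", "content": "fff666"}]},  # newly added
]}

def _index(sbom):
    """Map component name -> (version, first hash content)."""
    return {c["name"]: (c["version"], c["hashes"][0]["content"]) for c in sbom["components"]}

def component_diff(old, new):
    """Classify component-level changes between two SBOM versions."""
    a, b = _index(old), _index(new)
    diff = {"added": [], "removed": [], "upgraded": [], "suspicious": []}
    for name in sorted(set(a) | set(b)):
        if name not in a:
            diff["added"].append(name)
        elif name not in b:
            diff["removed"].append(name)
        else:
            (v_old, h_old), (v_new, h_new) = a[name], b[name]
            if v_old == v_new and h_old != h_new:
                # Same declared version but a different artifact hash is the
                # kind of change an auditor should examine as possible tampering.
                diff["suspicious"].append(name)
            elif v_old != v_new:
                diff["upgraded"].append(name)
    return diff

def cosine_similarity(old, new):
    """Cosine similarity of name@version term-frequency vectors (assumed
    offline stand-in for the paper's language-model embeddings)."""
    ta = Counter(f"{c['name']}@{c['version']}" for c in old["components"])
    tb = Counter(f"{c['name']}@{c['version']}" for c in new["components"])
    dot = sum(ta[k] * tb[k] for k in ta)
    norm = math.sqrt(sum(v * v for v in ta.values())) * math.sqrt(sum(v * v for v in tb.values()))
    return dot / norm if norm else 0.0
```

For the two sample documents, only libfoo@1.2.0 survives unchanged, so the similarity drops to 1/3 while the diff singles out libfoo's hash change rather than the ordinary upgrade of libbar.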