Feature: SBOM documentation

[nickytonline]

As a user of the OpenSauced platform, I want documentation related to the Software Bill of Materials (SBOM) feature set so that I can have a good understanding of SBOM and the related tools.

[nickytonline]

Once this documenation has been added, it'd be good to update the learn more... link here, https://github.com/open-sauced/app/pull/3938/files#diff-5791fb55bff1d92f290ccb1d66c6b1a0c833c675c245466810fb72504e5a00d4R265-R266

Relates to open-sauced/app#3938

[nickytonline]

Some additional references care of @jpmcb:

• NIST also has an important resource: https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity/software-security-supply-chains-software-1
• The OpenSSF also has a whole working group on this with some good resources: https://github.com/ossf/sbom-everywhere/tree/main

[jpmcb]

Quick note: It may be an anti-pattern to document exactly what an SBOM is since it's abit of a moving target: there are lots of government agencies, third party organizations (like the OpenSSF and Linux foundation), and companies that all have opinions on this. Even GitHub sort of has their own spin: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository

Personally, I'd focus on the OpenSauced feature while referring people to the CISA or the NIST. Or even direct quoting from those gov agencies would be good 👍🏼