Open Component Model
The Open Component Model (OCM) describes software products, the versioned components they include, and (security-)related metadata in a standardized way. It is a Software Bill of Delivery (SBoD), comparable to a Software Bill of Materials (SBoM), but focused specifically on delivery artifacts.
Tools built for OCM enable consistent and secure delivery of software products across the many organizational and physical boundaries of the continuum.
Furthermore, OCM becomes the operational source of truth and offers component identities that correlate information from and for the build, deployment, and runtime contexts.
OCM can be used to prove the end-to-end compliance and security posture of a software product (see also OCM Gear).