Enrichment

Enrichment is the process by which additional metadata about SBOMs is generated and stored. Examples of enrichment data include:

  • Vulnerabilities associated with a package or its dependencies.
  • Scores related to vulnerabilities (e.g. EPSS, CVSS) for a package or its dependencies.
  • Quality metrics about the SBOM itself (e.g. sbom-scorecard results).
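
The following added example (not this project's code) builds an enrichment record for a constructed CycloneDX-style SBOM: per-package vulnerabilities and maximum CVSS/EPSS scores, including those inherited through dependencies, plus one quality metric. The feed format, the `enrich` and `transitive_deps` names, the vulnerability IDs and the `purl_coverage` metric (a stand-in, not sbom-scorecard output) are assumptions.

```python
# Constructed CycloneDX-style SBOM (sample data, not from a real project).
SBOM = {
    "serialNumber": "urn:uuid:00000000-0000-0000-0000-000000000001",
    "components": [
        {"bom-ref": "app", "name": "app", "version": "1.0.0", "purl": "pkg:npm/app@1.0.0"},
        {"bom-ref": "web", "name": "web", "version": "2.3.0", "purl": "pkg:npm/web@2.3.0"},
        {"bom-ref": "parse", "name": "parse", "version": "0.9.1"},  # no purl recorded
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["web"]},
        {"ref": "web", "dependsOn": ["parse"]},
    ],
}
# Constructed vulnerability feed keyed by bom-ref (assumed format); IDs are placeholders.
FEED = {
    "parse": [{"id": "EXAMPLE-0001", "cvss": 9.8, "epss": 0.42}],
    "web": [{"id": "EXAMPLE-0002", "cvss": 5.3, "epss": 0.01}],
}

def transitive_deps(sbom, ref):
    """Return every bom-ref reachable from ref through the dependency graph."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    seen, stack = set(), list(graph.get(ref, []))
    while stack:
        node = stack.pop()
        if node not in seen:  # guards against dependency cycles
            seen.add(node)
            stack.extend(graph.get(node, []))
    seen.discard(ref)  # a cycle must not list the package as its own dependency
    return seen

def enrich(sbom, feed):
    """Build an enrichment record stored beside the SBOM; the SBOM is not modified."""
    packages = {}
    for comp in sbom["components"]:
        ref = comp["bom-ref"]
        direct = feed.get(ref, [])
        inherited = [dict(v, via=dep) for dep in sorted(transitive_deps(sbom, ref))
                     for v in feed.get(dep, [])]
        found = direct + inherited
        packages[ref] = {
            "direct": direct,
            "from_dependencies": inherited,
            "max_cvss": max((v["cvss"] for v in found), default=None),
            "max_epss": max((v["epss"] for v in found), default=None),
        }
    with_purl = sum(1 for c in sbom["components"] if c.get("purl"))
    quality = {"purl_coverage": round(with_purl / len(sbom["components"]), 2)}
    return {"sbom": sbom["serialNumber"], "packages": packages, "quality": quality}
```

Calling `enrich(SBOM, FEED)` shows that `app` has no vulnerabilities of its own but still carries a maximum CVSS of 9.8 through `web` and `parse`.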