The exploitation of vulnerabilities, like those in the recent high-profile SolarWinds attack, highlight the need for thorough security and compliance auditing. In the Cloud Native technology landscape, there are a variety of purpose-built solutions that help eliminate pain points along the software supply chain. One of these solutions, bill-of-materials (BOM), is an industry standard mechanism for surfacing metadata to be used for security auditing. Cloud Native Buildpacks (CNB) have native support for the BOM baked into the image metadata. The Paketo project, an OSS implementation of CNB, is taking the BOM a step further by populating it with dependency and package metadata from both the build process and the final image. This talk will explore how our approach to BOM provides more convenient and comprehensive insights into vulnerabilities, and how they can be mitigated.