Integrating an SBOM capability into the DevSecOps process is recommended by the NSA and CISA in their multi-organization publication, “Securing the Software Supply Chain: Recommended Practices for Developers”. Here’s an article I wrote on the topic:
https://www.trexsolutionsllc.com/secure-by-design-and-zero-trust-integrating-supply-chain-risk-management-with-devsecops/