A Software Bill of Materials is to software what an ingredients list is to food: a complete, structured manifest of every component that went into the build, including transitive dependencies, with versions and licenses. The common formats are CycloneDX and SPDX.
The reason SBOMs went from nice-to-have to mandated (US Executive Order 14028, and increasingly enterprise procurement) is incident response. When Log4Shell broke, the teams that could answer 'do we ship a vulnerable Log4j, and where' in minutes had an SBOM; everyone else spent days grepping build logs. An SBOM turns that question into a lookup.
An SBOM is only useful if it's current and verifiable, so it's generated as part of the build and stored alongside the artifact — not written by hand after the fact.