BoM is back! Not only because of US president's 2021 executive order and 2022 Cyber Resilience Act , but as a DevOps tool. It is not anymore only "the knowledge needed to recreate a particular release”. Or, at least, in the world of DevOps and Microservices, it has become something like "all of the environment information, tools, and specific branch and version of the software built, typically stored in an escrow account”. The session will clarify the content, the construction, the normative framework. Also, in the connected world of DevSecOps, shouldn't the BoM include the results, at a certain moment (the moment of the release), of all security results matching the state of the art? And what about immutability? We will discuss these aspects, and others like the purpose of the BoM, in this session open to questions, and illustrated with real use cases