Given the big PyPI, Node and Github supply chain attacks in the last month or two I am *very* curious:

Orgs who have walked far down the SBOM path - are you feeling pretty good about that right now? Is it genuinely helping you respond to supply chain attacks?