
Worked on enhancing security visibility and dependency traceability for the Zephyr project in the nxp-upstream/zephyr repository. Developed a feature that generates a single, accurate Software Bill of Materials (SBOM) by integrating Zephyr into modules-deps.spdx, supporting vulnerability scanning and risk assessment. Leveraged Python scripting to automate SBOM inclusion and updated dependency management scripts to ensure repeatable builds. Included Zephyr’s CPE and PURL in the SBOM data for precise vulnerability mapping, and established DEPENDENCY_OF relationships to create a structured dependency graph. The work focused on improving transparency and automation in software supply chain management using Python and SBOM standards.
January 2026: SBOM and Dependency Graph Enhancement for Zephyr (nxp-upstream/zephyr). Focused on improving security visibility and dependency traceability through accurate SBOM data and a structured dependency graph.
