This study addresses the growing complexity of digital systems, which hampers organizations’ ability to effectively manage dependencies across software, hardware, AI models, datasets, and cryptographic assets. It presents the first systematic survey of Bill of Materials (BOM) approaches across these domains, synthesizing standardization efforts, industry practices, and academic research through a literature review and framework analysis. The work examines critical use cases including dependency modeling, compliance verification, and risk assessment, and distills core BOM principles, stakeholder roles, quality evaluation criteria, and secure sharing mechanisms. The analysis identifies four key gaps in current BOM frameworks—limited scope, insufficient interoperability, inadequate automation, and weak security guarantees—and outlines future research directions, highlighting both the potential and limitations of BOMs in emerging digital ecosystems.

Modern digital ecosystems, spanning software, hardware, learning models, datasets, and cryptographic products, continue to grow in complexity, making it difficult for organizations to understand and manage component dependencies. Bills of Materials (BOMs) have emerged as a structured way to document product components, their interrelationships, and key metadata, improving visibility and security across digital supply chains. This survey provides the first comprehensive cross-domain review of BOM developments and practices. We start by examining the evolution of BOM frameworks in three stages (i.e., pre-development, initial, and accelerated) and summarizing their core principles, key stakeholders, and standardization efforts for hardware, software, artificial intelligence (AI) models, datasets, and cryptographic assets. We then review industry practices for generating BOM data, evaluating its quality, and securely sharing it. Next, we review practical downstream uses of BOM data, including dependency modeling, compliance verification, operational risk assessment, and vulnerability tracking. We also discuss academic efforts to address limitations in current BOM frameworks through refinements, extensions, or new models tailored to emerging domains such as data ecosystems and AI supply chains. Finally, we identify four key gaps that limit the usability and reliability of today's BOM frameworks, motivating future research directions.