Dynamic SBOM is a software composition analysis tool that profiles applications during runtime to identify which vulnerabilities are actually reachable or "observed" in production environments. The tool filters out noise from static SCA reports by focusing on dependencies and components that are actively used during execution. The product builds a runtime profile of applications to show which third-party components and packages are actually utilized, enabling teams to remove unused code and dependencies. It identifies CVEs that pose real risk by simulating attacks to confirm exploitability, reducing false positives by 60-90%. Dynamic SBOM supports compliance requirements including EO 14028, SSDF, and NIST standards through runtime data collection. The tool exports findings in VEX and SARIF formats for integration into audit workflows and attestation generation. The platform highlights unused third-party components and dependencies that can be removed to minimize attack surface. By focusing on runtime behavior rather than static analysis alone, it provides security teams with actionable intelligence about which vulnerabilities require immediate attention versus those that exist in unused code paths.