Apiiro XBOM is an Application Security Posture Management platform that creates an extended software bill of materials (XBOM) by integrating with source control management systems and runtime sources. The platform uses patented Deep Code Analysis (DCA) technology to analyze code and extract application components, insights, and risk context. The platform provides continuous visibility into applications, including code modules, APIs, GraphQL operations, Protobuf services, languages, technologies, open source dependencies, licenses, serverless functions, storage buckets, and infrastructure components. It maps component interconnections, risks, and changes over time to identify toxic combinations and coverage gaps. Apiiro XBOM connects code-to-runtime context by enriching inventory with runtime connectors to surface whether risks are deployed, internet-exposed, or behind a WAF. The platform matches runtime APIs, containers, and security alerts to their sources in code and identifies code owners. The inventory includes supply chain elements such as projects, repositories, CI/CD pipelines, pipeline dependencies, artifacts, secrets, and contributors. It also tracks data and controls including authorization, authentication, encryption, session management, key management, and sensitive data. The platform provides risk prioritization based on likelihood and impact, analyzes developer behavior to identify security champions and anomalous activity, and detects material code changes for regulatory compliance. It includes an Explorer feature for querying application and supply chain components, a coverage map to expose security testing gaps, and material change detection for triggering security reviews.