🤖 AI Summary
Software supply chain security depends critically on the Software Bill of Materials (SBOM), yet adoption remains low because developers face persistent practical challenges. Method: This study conducts the first large-scale empirical software-engineering analysis of SBOM-related questions (n = 1,247) posted on Stack Overflow from 2020 to 2023, combining natural language processing, thematic analysis, and statistical modeling to systematically identify practical barriers. Contribution/Results: We find a low resolution rate for SBOM questions (15.0%) and steep annual growth in query volume (+42%). The key obstacles center on toolchain interoperability, inaccurate or incomplete SBOM generation, and ambiguous interpretation of compliance requirements (e.g., SPDX, CycloneDX, and regulatory mandates). The study uncovers structural bottlenecks that impede SBOM operationalization, in particular the gaps between specification standards and real-world tooling, and provides the first empirically grounded, large-scale evidence from authentic developer contexts to inform SBOM tool design, documentation improvement, and targeted developer support strategies.
📝 Abstract
Current software development takes advantage of many external libraries, but this entails security and copyright risks. While the use of the Software Bill of Materials (SBOM) has been encouraged to cope with this problem, its adoption is still insufficient. In this research, we analyzed the challenges that developers face when putting SBOMs into practice by examining questions about SBOM utilization on Stack Overflow, a Q&A site for developers. As a result, we found that (1) the proportion of resolved questions about SBOM use is 15.0%, which is extremely low, (2) the number of new questions increased steadily from 2020 to 2023, and (3) SBOM users face three major challenges with SBOM tools.