fadaly.net/work/sbomarchive
SUPPLY CHAIN

SBOM.

18 CycloneDX 1.6 SBOM snapshots across 4 production services. 6 components changed without a corresponding CHANGELOG entry. 2 components in service A appear nowhere in service B's SBOM.

An SBOM you can't diff is an SBOM you can't defend.

SB-014 · auth-service v3.2 → v3.3 DRIFT
4 packages added · 2 removed · no CHANGELOG · no PR comments.
Backfill changelog, attach diff to release notes.
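
The kind of snapshot diff a finding like SB-014 relies on, as an added example (not code from this page or the project behind it): two CycloneDX JSON documents are indexed by version-independent purl, then compared for added, removed and version-changed components, and each change is checked against changelog text. The component names, versions and changelog line are constructed sample data, and the "package name appears in the changelog" test is an assumed heuristic.

```python
# Added example; component names, versions and changelog text are constructed.
def component_key(c):
    """Version-independent identity: purl minus qualifiers and '@version',
    falling back to group/name when no purl is present."""
    purl = c.get("purl")
    if not purl:
        return "/".join(p for p in (c.get("group"), c["name"]) if p)
    base = purl.split("?", 1)[0].split("#", 1)[0]
    head, _, last = base.rpartition("/")
    return f"{head}/{last.split('@', 1)[0]}"

def index(bom):
    """Map component key -> version, walking nested components too."""
    out, stack = {}, list(bom.get("components", []))
    while stack:
        c = stack.pop()
        out[component_key(c)] = c.get("version", "")
        stack.extend(c.get("components", []))
    return out

def diff_sboms(old, new):
    a, b = index(old), index(new)
    return {
        "added": sorted(b.keys() - a.keys()),
        "removed": sorted(a.keys() - b.keys()),
        "changed": sorted((k, a[k], b[k]) for k in a.keys() & b.keys() if a[k] != b[k]),
    }

def undocumented(diff, changelog_text):
    """Heuristic (assumption): a change is documented if the package name
    appears anywhere in the changelog text."""
    keys = diff["added"] + diff["removed"] + [k for k, _, _ in diff["changed"]]
    text = changelog_text.lower()
    return sorted(k for k in keys if k.rsplit("/", 1)[-1].lower() not in text)

def comp(name, version):  # helper that builds a constructed CycloneDX component
    return {"type": "library", "name": name, "version": version,
            "purl": f"pkg:npm/{name}@{version}"}

OLD = {"bomFormat": "CycloneDX", "specVersion": "1.6", "components": [
    comp("example-jwt", "1.0.0"), comp("example-log", "2.1.0"), comp("example-old", "0.9.0")]}
NEW = {"bomFormat": "CycloneDX", "specVersion": "1.6", "components": [
    comp("example-jwt", "1.1.0"), comp("example-log", "2.1.0"), comp("example-new", "0.1.0")]}
CHANGELOG = "example release: bump example-jwt to 1.1.0"  # constructed

if __name__ == "__main__":
    d = diff_sboms(OLD, NEW)
    print(d)
    print("no changelog mention:", undocumented(d, CHANGELOG))
```

For real snapshots, load each file with `json.load` and pass the resulting dicts to `diff_sboms`.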