Is there a SBOM for Asterisk documented or published anywhere? This would be helpful when looking at security vulnerabilities and determining if Asterisk is impacted or not.
There is no such thing for Asterisk.
the closes you get to is to look at all the include statements in the code