SBOM (Software Bill of Materials) transitive dependencies' CVEs

Where can I find the SBOM for GE? It’s being requested by US CISA (and the White House).
The SBOM details the chain of open source libraries recursively, identifying transitive dependencies.
Having such a list would enable us to see whether each dependency has a known security vulnerability in the US CVE database.