Teaching

Supervised Master's theses


SBoM of a modular software solution during its lifecycle

How to represent the composition of the solution during planning, when no artifacts exist yet?

How to track defects in internally developed common components that are used in multiple products? And how to track our own vulnerabilities that affect several of our products that use our own common components?

What tools can be used to manage the SBoM, and how can they be integrated into the existing pipelines and processes?

Define a traceability model of the SBoM: for example, which build it relates to, how to navigate, query and report on it, and the related information, such as vulnerabilities, export control classification, release notes, licenses of our products and third-party products, completed requirements, fixed bugs and known bugs.


Maintained by bendix@cs.lth.se