Yeah ...
You audit everything that makes up a system
You record any 3rd party deps - and their licensing.
And, if producing a built system, yu make sure it can be built on a fresh build box, generating identical binaires i.e. exact same at the binary output level.
Problem with 'Enterprise Architects' is most they are fly by night bandwagon jumping shyters
Biting the hand that feeds IT
