Key Features
Supported SBOM Formats
The platform supports widely adopted SBOM formats to ensure seamless integration and interoperability across security workflows:
- CycloneDX: A lightweight BOM standard optimized for security and supply chain use cases.
- SPDX (Software Package Data Exchange): A standardized and detailed format for sharing software metadata across tools and processes.
- Export SBOMs: The platform enables users to generate SBOMs in both CycloneDX and SPDX formats. This allows organizations to share, analyze, and distribute SBOMs as part of compliance, security, or validation workflows.
- Example: Export a CycloneDX SBOM post-scan and compare the results to a vendor-supplied SBOM.
SBOM Use Cases
Supply Chain Risk Assessment
Validate the integrity and security of third-party software components.
- Example: An SBOM output reveals that a third-party library in an IoT firmware is not only out of date, but is associated with several critical vulnerabilities. This prompts the security team to review mitigation steps.
Regulatory Compliance Assurance
Use the SBOM to demonstrate adherence to industry standards and regulatory requirements.
- Example: From an internally written tool binary, an SBOM is generated in SPDX format to prove compliance with the EU Cyber Resilience Act during a third-party audit.
Identification of Unattested Components
Leverage SBOMs to expose what is truly contained within third-party packages.
- Example: An SBOM reveals the presence of a compression library that was neither attested to nor present in the vendor-supplied SBOM.
Incident Response Support
Use SBOM data to accelerate incident investigation and root cause analysis.
- Example: An SBOM helps CIRT members identify a compromised third-party library present within an analyzed binary, speeding up containment and resolution during a security investigation.
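The three workflows above (comparing an exported CycloneDX SBOM against a vendor-supplied one, surfacing components the vendor never attested to, and checking during an incident whether a specific library is present in an analyzed binary) all reduce to parsing two SBOM documents and comparing their component lists. The following is an added example, not code from the platform described on this page; both SBOM documents are constructed here with invented component names and versions, and the function names (load_components, compare_sboms, find_component) are the example's own.

```python
import json
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample documents in the CycloneDX JSON shape, trimmed to the
# fields used below. Components and versions are invented for this example;
# GENERATED_SBOM_JSON stands in for a post-scan export, VENDOR_SBOM_JSON for
# the SBOM the supplier shipped with the binary.
GENERATED_SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "zlib",    "version": "1.2.11", "purl": "pkg:generic/zlib@1.2.11"},
    {"type": "library", "name": "openssl", "version": "1.1.1k", "purl": "pkg:generic/openssl@1.1.1k"},
    {"type": "library", "name": "lzma",    "version": "5.2.5",  "purl": "pkg:generic/lzma@5.2.5"}
  ]
}
"""

VENDOR_SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "zlib",    "version": "1.2.13", "purl": "pkg:generic/zlib@1.2.13"},
    {"type": "library", "name": "openssl", "version": "1.1.1k", "purl": "pkg:generic/openssl@1.1.1k"},
    {"type": "library", "name": "libcurl", "version": "7.88.0", "purl": "pkg:generic/libcurl@7.88.0"}
  ]
}
"""


@dataclass(frozen=True)
class Component:
    name: str
    version: str


def load_components(sbom_json: str) -> Dict[str, Component]:
    """Parse a CycloneDX JSON document and index its components by lowercase name.

    Keying by name (rather than name+version) is a simplification so that the
    same library at two different versions shows up as version drift below;
    an SBOM that legitimately bundles two versions of one library would need a
    richer key (e.g. the purl).
    """
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    indexed: Dict[str, Component] = {}
    for comp in doc.get("components", []):
        name = comp["name"].strip().lower()
        indexed[name] = Component(name=name, version=comp.get("version", ""))
    return indexed


@dataclass
class SbomDiff:
    unattested: List[Component]     # found in the binary, absent from the vendor SBOM
    missing: List[Component]        # claimed by the vendor, not found in the binary
    version_drift: List[Tuple[Component, Component]]  # (generated, vendor) with differing versions


def compare_sboms(generated: Dict[str, Component], vendor: Dict[str, Component]) -> SbomDiff:
    """Set-compare two indexed SBOMs; version comparison is exact string equality."""
    unattested = [generated[n] for n in sorted(generated.keys() - vendor.keys())]
    missing = [vendor[n] for n in sorted(vendor.keys() - generated.keys())]
    drift = [
        (generated[n], vendor[n])
        for n in sorted(generated.keys() & vendor.keys())
        if generated[n].version != vendor[n].version
    ]
    return SbomDiff(unattested, missing, drift)


def find_component(sbom: Dict[str, Component], name: str,
                   version: Optional[str] = None) -> Optional[Component]:
    """Incident-response lookup: is this library (optionally at this version) present?"""
    comp = sbom.get(name.strip().lower())
    if comp is None:
        return None
    if version is not None and comp.version != version:
        return None
    return comp


if __name__ == "__main__":
    generated = load_components(GENERATED_SBOM_JSON)
    vendor = load_components(VENDOR_SBOM_JSON)
    diff = compare_sboms(generated, vendor)
    for c in diff.unattested:
        print(f"UNATTESTED: {c.name} {c.version} present in binary, not in vendor SBOM")
    for c in diff.missing:
        print(f"MISSING:    {c.name} {c.version} claimed by vendor, not found in binary")
    for g, v in diff.version_drift:
        print(f"DRIFT:      {g.name} binary={g.version} vendor={v.version}")
    # IR-style query for a named library, version-agnostic.
    hit = find_component(generated, "openssl")
    print("openssl present:", hit is not None and hit.version)
```

Unattested components are the interesting output for the supply chain and audit cases, while version drift is what usually flags an out-of-date library; for real SBOMs the comparison should key on the purl and treat versions with a proper version-ordering library rather than plain string equality.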