Key Features
Supported SBOM Formats

The platform supports widely adopted SBOM formats to ensure seamless integration and interoperability across security workflows:

- CycloneDX: A lightweight BOM standard optimized for security and supply chain use cases.
- SPDX (Software Package Data Exchange): A standardized and detailed format for sharing software metadata across tools and processes.
- Export SBOMs: The platform enables users to generate SBOMs in both CycloneDX and SPDX formats. This allows organizations to share, analyze, and distribute SBOMs as part of compliance, security, or validation workflows.
- Example: Export a CycloneDX SBOM after a scan and compare the results to a vendor-supplied SBOM.
SBOM Use Cases
Supply Chain Risk Assessment
Validate the integrity and security of third-party software components.

- Example: An SBOM output reveals that a third-party library in an IoT firmware is not only out of date but is also associated with several critical vulnerabilities. This prompts the security team to review mitigation steps.
Regulatory Compliance Assurance
Use the SBOM to demonstrate adherence to industry standards and regulatory requirements.

- Example: From an internally written tool binary, an SBOM is generated in SPDX format to prove compliance with the EU Cyber Resilience Act during a third-party audit.
Identification of Unattested Components

Leverage SBOMs to expose what is truly contained within third-party packages.

- Example: An SBOM reveals the presence of a compression library that was neither attested to nor present in the vendor-supplied SBOM.
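The comparison behind both the export example above and the unattested-component example, as an added illustration (not the platform's own code): two constructed CycloneDX JSON documents, one from a binary scan and one supplied by the vendor, are diffed by component to surface what the vendor never declared, what is declared but absent, and where versions disagree. The SBOM contents are constructed for the example.

```python
import json

# Constructed CycloneDX 1.5 JSON documents (sample data, not real scanner output):
# SCAN_SBOM is what a binary scan found, VENDOR_SBOM is what the vendor declared.
SCAN_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "openssl", "version": "1.1.1k", "purl": "pkg:generic/openssl@1.1.1k"},
        {"type": "library", "name": "zlib", "version": "1.2.11", "purl": "pkg:generic/zlib@1.2.11"},
        {"type": "library", "name": "busybox", "version": "1.31.1", "purl": "pkg:generic/busybox@1.31.1"},
    ],
})
VENDOR_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "openssl", "version": "1.1.1w", "purl": "pkg:generic/openssl@1.1.1w"},
        {"type": "library", "name": "busybox", "version": "1.31.1", "purl": "pkg:generic/busybox@1.31.1"},
    ],
})


def load_components(sbom_json):
    """Return {component_key: version} from a CycloneDX JSON document."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    comps = {}
    for c in doc.get("components", []):
        # Key on the purl without its version (a stable identifier); fall back to the name.
        key = c.get("purl", "").split("@")[0] or c["name"]
        comps[key] = c.get("version", "")
    return comps


def compare_sboms(scan_json, vendor_json):
    """Diff a scan-derived SBOM against a vendor-supplied one.

    Returns (unattested, version_mismatch, missing_from_binary):
      unattested          - found in the binary but not declared by the vendor
      version_mismatch    - declared by both, but with different versions
      missing_from_binary - declared by the vendor but not found in the binary
    """
    scan, vendor = load_components(scan_json), load_components(vendor_json)
    unattested = sorted(set(scan) - set(vendor))
    missing = sorted(set(vendor) - set(scan))
    mismatch = {k: (scan[k], vendor[k]) for k in set(scan) & set(vendor) if scan[k] != vendor[k]}
    return unattested, mismatch, missing


if __name__ == "__main__":
    unattested, mismatch, missing = compare_sboms(SCAN_SBOM, VENDOR_SBOM)
    print("unattested:", unattested)        # zlib was shipped but never declared
    print("version mismatch:", mismatch)    # vendor claims a newer openssl than the binary contains
    print("missing from binary:", missing)
```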
Incident Response Support
Use SBOM data to accelerate incident investigation and root cause analysis.

- Example: An SBOM helps CIRT members identify a compromised third-party library present within an analyzed binary, speeding up containment and resolution during a security investigation.
Programmatic Access
Generate SBOMs programmatically using the Binarly API:

- SBOM Report API: Endpoint reference
- Compliance Artifacts: Automation scripts