The Binarly Transparency Platform provides robust SBOM (Software Bill of Materials) generation, delivering comprehensive visibility into the components and dependencies within Firmware, Embedded Linux, and Container (Docker) binaries. SBOMs are generated entirely from the uploaded and analyzed binary. Because there is no need to ingest or upload a vendor-supplied BOM, the result is an inventory of the actual contents of the file or package, regardless of what a supplier or vendor attests to. To generate an SBOM, navigate to Products, select View Images from the bottom menu, and choose SBOM from the right-side menu. SBOM output can also be generated from the Dependencies tab of a product's findings.
Key Features
Supported SBOM Formats
The platform supports widely adopted SBOM formats to ensure seamless integration and interoperability across security workflows:
- CycloneDX: A lightweight BOM standard optimized for security and supply chain use cases.
- SPDX (Software Package Data Exchange): A standardized and detailed format for sharing software metadata across tools and processes.
- Export SBOMs: The platform enables users to generate SBOMs in both CycloneDX and SPDX formats, so organizations can share, analyze, and distribute SBOMs as part of compliance, security, or validation workflows.
- Example: Export a CycloneDX SBOM after a scan and compare the results to the vendor-supplied SBOM.
SBOM Use Cases
Supply Chain Risk Assessment
Validate the integrity and security of third-party software components.
- Example: An SBOM output reveals that a third-party library in IoT firmware is not only out of date but also associated with several critical vulnerabilities, prompting the security team to review mitigation steps.
Regulatory Compliance Assurance
Use the SBOM to demonstrate adherence to industry standards and regulatory requirements.
- Example: An SBOM is generated in SPDX format from an internally written tool binary to demonstrate compliance with the EU Cyber Resilience Act during a third-party audit.
Identification of Unattested Components
Leverage SBOMs to expose what is truly contained within third-party packages.
- Example: An SBOM reveals the presence of a compression library that was neither attested to nor present in the vendor-supplied SBOM.
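The comparison described in the export example above and in this use case (what the binary actually contains versus what the vendor attested to) can be scripted once the SBOM has been exported. The following is an added example, not Binarly's code or API: it reads two SBOM documents in CycloneDX JSON (the page's export format) and also accepts SPDX JSON, matches components by their version-stripped Package URL (falling back to the lowercased name when a component carries no purl), and reports unattested components, components the vendor lists that the binary does not contain, and version disagreements. All three SBOM documents are constructed sample data; in practice you would load the platform's exported file and the vendor's file from disk.

```python
"""Diff a binary-derived SBOM against a vendor-supplied SBOM.

Added example, not Binarly's code. Accepts CycloneDX JSON and SPDX JSON.
The sample documents below are constructed for illustration.
"""
import json
from typing import Dict

# Constructed sample: components the scan found inside the firmware image.
SCANNED_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "openssl", "version": "1.1.1k",
         "purl": "pkg:generic/openssl@1.1.1k"},
        {"type": "library", "name": "zlib", "version": "1.2.11",
         "purl": "pkg:generic/zlib@1.2.11"},
        {"type": "library", "name": "busybox", "version": "1.31.1",
         "purl": "pkg:generic/busybox@1.31.1"},
    ],
})

# Constructed sample: what the vendor attested to, as CycloneDX.
VENDOR_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "openssl", "version": "1.1.1w",
         "purl": "pkg:generic/openssl@1.1.1w"},
        {"type": "library", "name": "busybox", "version": "1.31.1",
         "purl": "pkg:generic/busybox@1.31.1"},
        {"type": "library", "name": "libcurl", "version": "7.79.1",
         "purl": "pkg:generic/libcurl@7.79.1"},
    ],
})

# Constructed sample: the same vendor attestation, as SPDX 2.3 JSON.
VENDOR_SBOM_SPDX = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT",
    "packages": [
        {"name": name, "SPDXID": f"SPDXRef-{name}", "versionInfo": ver,
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": f"pkg:generic/{name}@{ver}"}]}
        for name, ver in (("openssl", "1.1.1w"), ("busybox", "1.31.1"),
                          ("libcurl", "7.79.1"))
    ],
})


def _key(purl: str, name: str) -> str:
    """Identity used to match a component across documents: the purl with
    version and qualifiers stripped; otherwise the lowercased name only."""
    if purl:
        return purl.split("@", 1)[0].split("?", 1)[0]
    return f"name:{name.lower()}"


def load_components(sbom_json: str) -> Dict[str, str]:
    """Return {component key: version} from a CycloneDX or SPDX JSON SBOM."""
    doc = json.loads(sbom_json)
    found: Dict[str, str] = {}
    if doc.get("bomFormat") == "CycloneDX":
        for c in doc.get("components", []):
            found[_key(c.get("purl", ""), c["name"])] = c.get("version", "")
    elif "spdxVersion" in doc:
        for p in doc.get("packages", []):
            purl = next((r["referenceLocator"] for r in p.get("externalRefs", [])
                         if r.get("referenceType") == "purl"), "")
            found[_key(purl, p["name"])] = p.get("versionInfo", "")
    else:
        raise ValueError("unrecognised SBOM format")
    return found


def diff_sboms(scanned_json: str, vendor_json: str) -> Dict[str, object]:
    """Compare what the binary contains with what the vendor attested to."""
    scanned = load_components(scanned_json)
    vendor = load_components(vendor_json)
    return {
        # present in the binary, absent from the vendor's attestation
        "unattested": sorted(k for k in scanned if k not in vendor),
        # attested by the vendor, but not found in the binary
        "not_in_binary": sorted(k for k in vendor if k not in scanned),
        # present on both sides with differing versions: (scanned, vendor)
        "version_mismatch": {k: (scanned[k], vendor[k])
                             for k in sorted(scanned.keys() & vendor.keys())
                             if scanned[k] != vendor[k]},
    }


if __name__ == "__main__":
    for section, rows in diff_sboms(SCANNED_SBOM, VENDOR_SBOM).items():
        print(f"{section}: {rows}")
```

On the sample data the report flags zlib as unattested (the compression-library case above), libcurl as attested but absent from the binary, and openssl as a version mismatch between the scanned 1.1.1k and the attested 1.1.1w. Matching by version-stripped purl is deliberate: comparing by name alone would miss a package renamed or re-namespaced between the two documents, while comparing full purls would hide every version drift behind an "unattested" entry. Components that carry no purl on either side match by name only, so a vendor SBOM without purls will produce coarser results.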
Incident Response Support
Use SBOM data to accelerate incident investigation and root-cause analysis.
- Example: An SBOM helps CIRT members identify a compromised third-party library present within an analyzed binary, speeding up containment and resolution during a security investigation.
Programmatic Access
Generate SBOMs programmatically using the Binarly API:
- SBOM Report API: endpoint reference
- Compliance Artifacts: automation scripts