The powerful SBOM management service.

SBOM Central

SBOM Central is a SaaS solution designed to help you quickly kick-start your security initiatives. It focuses on open-source security, licensing compliance, and maintaining software health.

Additionally, SBOM Central can be deployed as an on-premises solution and be configured to meet air-gap requirements.

Web Services

The client application is provided by a web application framework capable of serving multiple tenants. It includes a robust web-based user interface, databases, and a RestAPI specifically crafted for smooth integration with CI/CD automation processes.

Information Services

The Information Services play a vital role in delivering essential data to web service users regarding vulnerabilities, exploits, patches, software versions, licensing, and more. The Information Services also act as a proxy, an intermediary between clients and the Internet that anonymizes requests and protects privacy.

Features

Security

Vulnerability Detection

Identifying vulnerabilities in third-party components by retrieving information from external publishing services.

Exploit Detection

Identifying exploits in components by retrieving information from external publishing services.

Exploit Prediction

Assisting vulnerability remediation prioritization by providing data (EPSS) that estimates the probability of vulnerability exploitation.

Patch Detection

Removing false positives by communicating with security databases at various Linux providers.

Health Monitoring

Collecting component health information, including version details, updates, project activity, licensing, and more.

License Management

FOSS license management and monitoring with semi-automated license approval to support organizational compliance.

Threat Intelligence

Capability to gather and integrate Cyber Threat Intelligence (CTI) data related to detected vulnerabilities.

Traceability

Traceability for products, SBOMs, components, vulnerabilities, releases, and more.

Tags

A tagging system that allows for flexible categorization to organize SBOMs, analyses, releases, reports, and more.

Proxy

A built-in proxy that masks the user's identity, IP address, and location from external data sources on the Internet.

Logging

Continuous logging of activities to enable the verification and traceability of analysis history, decision-making, and more.

Tools

Analytics tool

Analyze the impact of vulnerabilities and decide on remediation and priority for select products.

SBOM tool

Manually create, duplicate, and modify SBOMs with the SBOM tools. Generate new SBOMs for export.

Artifact tool

Manually create external artifact objects to be included in SBOMs and be part of vulnerability scanning.

Dictionary

Assisting the naming of external artifact objects to improve vulnerability detection.

Reporting

SBOM Reports

Providing tools to generate new SBOM reports, as well as to duplicate or modify existing ones.

Delivery Reports

Generate Delivery Reports for SBOMs that represent released or otherwise significant software.

VEX Reports

Communicate exploitability status in a machine-readable format by generating VEX reports for delivered software.

Advisory Reports

Improve human readability by generating Advisory reports for selected VEX reports.

General

Continuous Monitoring

Continuously monitoring and updating data to identify new vulnerabilities, exploits, and other modified health metrics for your software.

RestAPI

The RestAPI enables automation and integration with CI/CD pipelines and other external services.

Notifications

Notifications for important events.

Teams

Establish dedicated teams to delineate responsibilities and prevent information leaks.

Deployment

SaaS

Primarily a SaaS solution, SBOM Central is designed to jump-start your security initiatives with ease: no installation required.

On-prem

Options to install the web services locally or with a service provider of your choice.

Air Gap

Options to enhance security further by deploying an air-gap configuration.

Supported Data Sources

GitHub

npm

RubyGems

Debian Linux

Alpine Linux

NuGet

NVD

OSV

EPSS

CISA

PyPI

GitLab

Bitbucket

AlienVault

ReleaseMonitoring