Software Supply Chain Visibility Tools

  • AppCensus (El Cerrito, California) will add to its existing platform by mapping vulnerabilities to SDK behavior and providing a means to visualize that data as well as incorporate those results into SBOM reporting and common tooling and practice for IT professionals within enterprises. (Initial Award April 2023) – Currently in Phase 1
  • ChainGuard (Kirkland, Washington) will create an SBOM composition tool by developing the conceptual schema of how to join micro-SBOMs, creating a test suite of micro-SBOMs and the super SBOMs that ought to be created, and implementing functionality that takes micro-SBOMs as input and outputs a super SBOM. (Initial Award April 2023) – Currently in Phase 1
  • DeepBits (Riverside, California) has developed an AI-powered code intelligence platform for large-scale accurate binary code identification across languages and hardware platforms. They will develop a multi-format SBOM translator and design, build, and test its SaaSBOM generation tool. (Initial Award April 2023) – Currently in Phase 1
  • Manifest Cyber (Westport, Connecticut) will further mature their existing SBOM management platform by adding capabilities including support for enriching vulnerability data using the Vulnerability Exploitability eXchange (VEX) documentation, automating ticketing responses to Security Incident and Event Management (SIEM) systems, automating risk and compliance report generation, beginning to build a global SBOM repository, and building support for eventual integration with commonly used asset management tools. (Initial Award April 2023) – Currently in Phase 1
  • Scribe Security (Tel Aviv, Israel) will adapt its existing platform to develop a multi-format SBOM translator using an Open Policy Agent (OPA), further develop two of its core technology tools used for the generation of SBOMs and extend its platform to provide unique vulnerability information and insights. (Initial Award April 2023) – Currently in Phase 1
  • TestifySec (Jasper, Alabama) is developing a new security platform and associated tools to provide enhanced supply chain security. These tools ensure software integrity by enabling detection of possible tampering or malicious activity through the application of “generate” and “verify” attestation processes in concert with policy compliance configuration. (Initial Award April 2023) – Currently in Phase 1
  • Veramine (Bothell, Washington) will enhance its Endpoint Detection & Response (EDR) agent by adapting and configuring the agent to collect only what would be needed to populate the SBOM and – importantly – also to centrally preserve a single copy of every binary ever loaded anywhere across the enterprise network for vulnerability analysis. (Initial Award April 2023) – Currently in Phase 1
Last Updated: 02/07/2024