Software supply chain security platform providing SBOM management, code integrity verification, and continuous assurance across the SDLC.
Platforms for generating, managing, and sharing Software Bills of Materials to track software component provenance and security.
Software supply chain security platform providing SBOM management, code integrity verification, and continuous assurance across the SDLC.
Software supply chain security platform providing attestation, SBOM, and immutable audit logs.
Anchore provides container security and software supply chain compliance tools that help organizations enforce security policies for container images throughout the development pipeline.
Software bill of materials platform for industrial control systems delivering software supply chain intelligence.
Black Duck provides software composition analysis that helps organizations manage security, quality, and license compliance risks from open-source and third-party code.
Sonatype provides software supply chain management and SCA tools including Nexus Repository and Sonatype Lifecycle for managing open-source security and compliance.
Mend.io is a software composition analysis and application security platform that helps development teams identify and remediate vulnerabilities in open-source dependencies.
Connected device security platform providing firmware analysis, SBOM management, and vulnerability detection for IoT and embedded systems.
Software supply chain security platform providing SBOM generation, vulnerability management, and attestation for software integrity.
SOOS provides affordable software composition analysis and DAST solutions that help development teams identify vulnerabilities and license issues in open-source dependencies.
Product security platform delivering SBOM analysis, vulnerability management, and compliance for automotive, medical, and industrial devices.
Firmware and software supply chain security platform providing SBOMs, vulnerability detection, and risk scoring for connected devices.
OpenSSF open-source project aggregating software supply chain metadata (SBOMs, SLSA, signatures) into a unified graph.
SBOM management platform enabling organizations to ingest, enrich, and operationalize software bills of materials for supply chain risk management.