Manifest is a venture-backed cybersecurity company committed to developing industry-leading tools for the management of software bills of materials (SBOMs). The prevalence of software supply chain vulnerabilities such as Log4Shell, SolarWinds, and Apache Struts is growing rapidly – by some accounts 300% year over year – and mission-critical enterprises such as DOD and FCEB agencies have a mandate to secure their supply chains.
Owing to federal mandates and individual agency and service requirements, SBOMs have gained considerable traction as the de facto method by which software vendors provide the USG with visibility into, and accountability for, their software supply chains. These SBOMs provide critical inventories of third-party and open source components within applications. However, SBOMs require a programmatic solution to manage those artifacts and derive actionable insights. From soliciting SBOMs from vendors and generating SBOMs for internal applications, to aggregating SBOMs in a unified repository, monitoring SBOMs for new and existing vulnerabilities, contextualizing them with exploitability information, and facilitating alerting and secure sharing of SBOMs downstream, Manifest manages the entirety of the SBOM lifecycle.
With Manifest, DOD and FCEB agencies can:
The United States Government has presciently enacted regulations and policies to further critical visibility into software supply chain security, and Manifest was built to facilitate those regulations. With contracts in both DOD and FCEB, Manifest meets USG’s pressing need for SBOM management capabilities.