Take full control of your software supply chain security with our cutting-edge SBOM scanning solution. Know the components of your software, with their version and licensing information, and uncover known vulnerabilities in software packages, libraries, and dependencies through a cloud-native platform.
Integrate with your source code repository in just a few clicks. Once the repository has been added to the project list, you can start scanning from the Scan Now button. You’ll then receive an email confirming the project scan has started. As soon as the scan completes, you’ll find a similar confirmation delivered to your inbox. No time wasted.
Instantly see which software library or package is out of date or vulnerable to known exploits. Know which category a library or package belongs to (e.g., development tools, frameworks, database, frontend libraries). Examine license details to uncover possible license restrictions, obligations, or compliance issues.
Identify vulnerabilities in your software components, open-source or third-party dependencies and packages. Click on a CVE ID to drill down into specific details. Review important information about the selected vulnerability, including the impacted package, severity level, CVSS, description, and a list of URLs for additional reference.
Generate comprehensive SBOM and vulnerability reports, including all dependencies, fixed versions, vulnerabilities, and licenses. Provide well-organised PDF documents with actionable insights and audit-ready information to developers, IT teams, auditors, software vendors, and other stakeholders.
Export SBOM files in standard formats like SPDX or CycloneDX to fulfill security or compliance requirements. Since they’re JSON files, they’re human-readable, machine-readable, and highly interoperable. Developers, auditors, and security analysts can easily inspect them. At the same time, they can be seamlessly integrated into tools and automated workflows.
An SBOM, or Software Bill of Materials, is a detailed inventory of all software components, libraries, and open-source and third-party dependencies of your application. It is critical for identifying out-of-date software and its related vulnerabilities, ensuring compliance with licensing requirements, and mitigating risk in software supply chains.
U.S. Government Cybersecurity Executive Order 14028
Requires organisations to submit an SBOM for each product sold to US federal government agencies.
US FDA (Food and Drug Administration)
Section 524B of the FD&C Act now requires manufacturers of certain "cyber devices" (medical devices with software and internet connectivity) to include an SBOM for the commercial, open-source, and off-the-shelf software components of their devices.
PCI DSS (Payment Card Industry Data Security Standard) v4.0 and above
Includes provisions aligned with SBOM usage. For instance:
6.3.2: Organizations must maintain an inventory of custom and third-party software components
6.3.3: Software must be kept up to date through security patches
EU CRA (Cyber Resilience Act)
Requires digital product manufacturers, including their associated distributors or importers, selling in the EU to include a top-level SBOM when submitting technical documentation for their products.
Australian Cyber Security Centre (ACSC) Guidelines for Software Development
Advises software developers to provide their customers with a Software Bill of Materials.
Anyone who needs a detailed inventory of software components and the associated vulnerabilities. This includes software development, product owner, security, DevOps, DevSecOps, procurement, and compliance teams.
Blacklock supports GitHub integration, which allows seamless and secure access to your code repository. You can update or remove the repository at any time.
Our tool analyses supported libraries and package versions in your codebase against public vulnerability databases such as the National Vulnerability Database (NVD). It identifies vulnerabilities based on supported component versions, providing you with actionable recommendations to prioritise and mitigate risks.
Our tool shows the current and latest versions of each component in your SBOM. This makes it easy for you to determine upgrade priorities and ensure you’re using the most secure and up-to-date versions of your dependencies.
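As an added illustration of the two points above (the exported CycloneDX JSON format, and matching component versions against advisory data), here is a small Python script that is not Blacklock's own code: it parses a constructed CycloneDX SBOM, lists each component's version and license, and flags components whose version is below the first fixed version in a constructed advisory table (the package names and CVE-EXAMPLE ids are placeholders, not real advisories).

```python
import json

# Constructed CycloneDX JSON SBOM, written for this example; not an export from any real project.
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "acme-parser", "version": "2.4.1",
     "purl": "pkg:npm/acme-parser@2.4.1", "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "acme-router", "version": "1.9.0",
     "purl": "pkg:npm/acme-router@1.9.0", "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "acme-utils", "version": "0.3.7",
     "purl": "pkg:npm/acme-utils@0.3.7"}
  ]
}"""
# Constructed advisory data: package -> [(first fixed version, placeholder advisory id)].
# A real pipeline would pull these from a vulnerability database such as the NVD.
ADVISORIES = {
    "acme-parser": [("2.5.0", "CVE-EXAMPLE-0001")],
    "acme-router": [("1.9.0", "CVE-EXAMPLE-0002")],  # already at the fixed version
}

def parse_version(v):
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def parse_cyclonedx(text):
    """Return (name, version, license) for every component in a CycloneDX JSON SBOM."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    rows = []
    for c in bom.get("components", []):
        ids = [e.get("license", {}).get("id", "?") for e in c.get("licenses", [])]
        rows.append((c["name"], c["version"], ",".join(ids) or "UNKNOWN"))
    return rows

def find_affected(rows, advisories):
    """Flag components whose version is below an advisory's first fixed version."""
    hits = []
    for name, version, _license in rows:
        for fixed, adv_id in advisories.get(name, []):
            if parse_version(version) < parse_version(fixed):
                hits.append((name, version, fixed, adv_id))
    return hits

if __name__ == "__main__":
    for row in parse_cyclonedx(SBOM_JSON):
        print("component:", *row)
    for hit in find_affected(parse_cyclonedx(SBOM_JSON), ADVISORIES):
        print("VULNERABLE:", *hit)
```

Components with no license entry are reported as UNKNOWN so they stand out in a compliance review, and a component already at the fixed version is not flagged.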
We recommend running scans regularly, especially after updates to your application or its dependencies. Continuous scanning ensures you stay ahead of emerging vulnerabilities and maintain a secure software supply chain.
SBOM scanning focuses on analysing software components, open-source and third-party dependencies, and packages prior to deployment. It identifies vulnerabilities linked to specific packages or libraries. Vulnerability scanning, on the other hand, examines the deployed software or system itself in a live environment. It detects misconfigurations, application-layer vulnerabilities, open ports, and exploitable vulnerabilities. Together, they provide software security at different stages of the development and deployment lifecycle.
The duration of an SBOM scan depends on the size and complexity of your project. For small and medium-sized projects, scans are typically completed within a few minutes. Larger projects with extensive dependencies may take longer. That being said, the process is designed to be efficient to minimise delays in your workflow.
The service can be purchased via the Buy Plan page from your Blacklock account. The pricing is per repository on either a monthly or annual plan. Choose the plan that best fits your current needs and budget. As your organization grows, you can easily scale up and add more repositories as needed.