One hub for all SBOMs
Import external SBOMs, and ones created by Endor Labs, and manage them in one place. No more messy Sharepoint folders for SBOMs.
Automated SBOM Ingestion
Add SBOM Hub to your CI pipelines to automate SBOM creation whenever new versions are shipped.
Continuous risk monitoring
SBOM Hub will automatically update risk profiles with new security advisories, with no need to recreate the SBOM.
Trusted by Leading Teams
The need for SBOMs is rising.
SBOM sprawl is starting
Mandates like Executive Order 14028 and guidelines from CISA have accelerated the need to produce accurate SBOMs. But these mandates don't provide much guidance on how to store, analyze, and manage SBOMs at scale. For large businesses such as VMWare, this can quickly become a sprawling problem that must be standardized. SBOMs need to be collected, standardized, attested to, and continuously monitored for new risks with their associated software packages. Companies are realizing they need...
One place to manage all SBOMs
SBOM Hub offers a simple process for importing SBOM data, whether you receive them from third-party sources or create them internally. With support for a wide range of versions for the two most popular formats - CycloneDX and SPDX. SBOMs can be uploaded manually, but you can also automate both SBOM creation and ingestion through our CI integration. This way you can make sure that every new application deployed to production generates an updated SBOM, which is monitored continuously in the Hub.
SBOM management without the tax.
We've gathered all these SBOMs, what do we do with them?
After you've successfully created a single pane of glass for all SBOMs, now comes the hard part. Each SBOM lists out software components which will have license, security, and operational risks associated with them. This data also needs to be stored and prioritized, and updated whenever new security advisories and CVEs are released. Normally, this would require hours of manual work. Fortunately...
Endor SBOM Hub automatically updates risk information
Once an SBOM is monitored in the Hub, you can stay informed about the latest vulnerabilities and issues without manual effort. SBOM Hub will automatically update risk information for every software dependency associated with the SBOM.