BlueVoyant, the leader in integrated cybersecurity, today launched its Software Bill of Materials (SBOM) management offering, which helps organisations reduce risk related to software by automating the ingestion, analysis, and tracking of software component information from third-party software vendors. The latest advancements enhance Supply Chain Defense, BlueVoyant’s next-generation third-party cyber risk management solution that continuously monitors suppliers, vendors, and other third parties, and then works with them to quickly remediate threats. BlueVoyant’s SBOM solution is powered through a partnership with Manifest, a cybersecurity company that specialises in securing software supply chains for corporate and government entities.

More than 85% of applications contain at least one software vulnerability, according to the Open Source Software Risk Analysis (OSSRA) Report. Yet, many organisations lack visibility into software design or an efficient way to assess and manage third-party SBOM information, which can leave them open to breaches, business interruption, and regulatory compliance issues. As a result, organisations are looking for solutions.

By leveraging the BlueVoyant-Manifest SBOM solution, security teams can proactively gain deep insights into software risk exposure and other dependencies that their businesses may rely on.

“By combining Manifest's depth of experience in SBOM with BlueVoyant’s holistic Supply Chain Defense, clients get continuous monitoring and remediation to solve their biggest third-party cybersecurity challenges,” said Marc Frankel, CEO and co-founder of Manifest.

The key benefits to utilising SBOM for third-party risk are:

• Vendor risk management: Automatically solicit SBOMs from vendors, see intuitive risk levels for vendor products, and incorporate them into comprehensive third-party cyber risk management
• Smarter vulnerability management: Prioritise vulnerabilities quickly, and triage issues to reduce false positives and avoid unnecessary mitigation work
• Open Source Software (OSS) risk management: Create an enterprise-wide inventory of OSS across first and third-party products, and scan OSS repositories to assess risk before implementing them
• Simplified compliance: Easily demonstrate compliance and provide evidence for international regulations and standards such as R155, Executive Order 14028, Section 524B, the European Cyber Resilience Act, and the EU’s NIS2 and DORA

“Organisations in the private and public sectors are realising that SBOM visibility is a crucial part of a proactive third-party cyber risk management program,” said Joel Molinoff, global head of Supply Chain Defense at BlueVoyant. “By enhancing BlueVoyant’s Supply Chain Defense with Manifest’s SBOM capabilities, our clients are expanding their risk visibility deeper into the software supply chain and ensuring continuous monitoring and remediation of critical threats.”

BlueVoyant’s Supply Chain Defense has garnered multiple industry awards. This year it was named a winner in the Cybersecurity Excellence Awards for Supply Chain and a finalist in the SC Awards for Best Supply Chain Security. Additionally, BlueVoyant was recognised in the 2025 Gartner Market Guide for Third-Party Risk Management Technology Solutions published May 2025 by Antonia Donaldson, Luke Ellery, et al.

Supply Chain Defense is part of the BlueVoyant Cyber Defense Platform, which provides holistic cyber defense by helping clients to detect, investigate, and mitigate threats from internal, external, and third-party ecosystems in one cloud-native platform.

Find more information about BlueVoyant's SBOM solution here.