SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

BlueVoyant unveils SBOM tool to tackle third-party software risk

Wed, 4th Jun 2025

BlueVoyant has introduced a Software Bill of Materials (SBOM) management offering aimed at helping organisations manage and reduce third-party software risks.

The new SBOM feature automates the ingestion, analysis, and tracking of software components from third-party vendors. This capability is an enhancement to BlueVoyant's Supply Chain Defense, a third-party cyber risk management solution that continuously monitors suppliers, vendors, and other third parties, and works with them to address security threats.

BlueVoyant has partnered with Manifest, a cybersecurity company focused on securing software supply chains, to power its SBOM solution. According to the Open Source Security and Risk Analysis (OSSRA) Report, more than 85% of the codebases audited contained at least one known vulnerability in an open source component. Despite this, many organisations have no visibility into the composition of the software they buy and no effective way to manage SBOM information received from third parties, which exposes them to breaches, operational disruptions, and compliance failures.

The collaboration between BlueVoyant and Manifest aims to provide security teams with insights into software risk exposure and dependencies that may impact business operations. "By combining Manifest's depth of experience in SBOM with BlueVoyant's holistic Supply Chain Defense, clients get continuous monitoring and remediation to solve their biggest third-party cybersecurity challenges," said Marc Frankel, CEO and co-founder of Manifest.

Key benefits BlueVoyant lists for the SBOM management offering include automated vendor risk management: organisations can request SBOMs from vendors, view risk levels for individual products, and feed that data into wider risk management activities. The system is designed to improve vulnerability management by helping teams prioritise and triage issues, with the aim of reducing both false positives and unnecessary mitigation work.

For open source software (OSS) risk, the solution assembles an enterprise-wide inventory of OSS components across both first- and third-party products, and allows scanning of OSS repositories to assess risk before a component is adopted. Compliance is also addressed, with tools to demonstrate and provide evidence for regulations and standards such as UNECE R155 (vehicle cybersecurity), US Executive Order 14028, Section 524B of the US Federal Food, Drug, and Cosmetic Act (medical devices), the EU Cyber Resilience Act, and the EU's NIS2 and DORA.
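The article describes SBOM ingestion, an enterprise-wide component inventory, and vulnerability triage that avoids false positives, but not how those steps fit together. The following is an added example written for this article (it is not BlueVoyant's or Manifest's code): it ingests CycloneDX JSON SBOMs from two vendors, keys every component by its package URL without the version, and matches the inventory against an advisory list, only raising a finding where the shipped version is below the fixed version. The vendors, products, packages and advisory IDs are all constructed for the example, and version comparison assumes plain dotted numeric versions.

```python
"""Toy SBOM ingestion pipeline: parse CycloneDX JSON from several vendors,
build one component inventory keyed by package (purl minus version), and
match it against an advisory list to produce a prioritised finding list.
Example code added to this article, not BlueVoyant's or Manifest's."""
import json
from collections import defaultdict

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed CycloneDX 1.5 SBOMs as JSON text; vendors, products and
# package names are made up for this example.
VENDOR_SBOMS = [json.dumps(doc) for doc in (
    {"bomFormat": "CycloneDX", "specVersion": "1.5",
     "metadata": {"component": {"name": "billing-gateway", "version": "4.2.0"},
                  "supplier": {"name": "Vendor A"}},
     "components": [
         {"type": "library", "name": "sample-xml", "version": "1.3.2",
          "purl": "pkg:npm/sample-xml@1.3.2"},
         {"type": "library", "name": "sample-jwt", "version": "3.0.1",
          "purl": "pkg:npm/sample-jwt@3.0.1"}]},
    {"bomFormat": "CycloneDX", "specVersion": "1.5",
     "metadata": {"component": {"name": "hr-portal", "version": "2.9.5"},
                  "supplier": {"name": "Vendor B"}},
     "components": [
         # purl with a qualifier, which must not end up in the inventory key
         {"type": "library", "name": "sample-xml", "version": "1.2.0",
          "purl": "pkg:npm/sample-xml@1.2.0?vcs_url=git"},
         {"type": "library", "name": "sample-yaml", "group": "com.acme",
          "version": "5.4.0", "purl": "pkg:maven/com.acme/sample-yaml@5.4.0"}]},
)]

# Constructed advisory list (placeholder IDs, not real CVEs). A package is
# affected when its version is strictly below `fixed_in`.
ADVISORIES = [
    {"id": "SAMPLE-ADV-1", "package": "pkg:npm/sample-xml",
     "fixed_in": "1.3.0", "severity": "critical"},
    {"id": "SAMPLE-ADV-2", "package": "pkg:npm/sample-jwt",
     "fixed_in": "3.0.0", "severity": "high"},   # 3.0.1 is shipped: no finding
    {"id": "SAMPLE-ADV-3", "package": "pkg:maven/com.acme/sample-yaml",
     "fixed_in": "5.5.0", "severity": "medium"},
]


def split_purl(purl):
    """Return (package key without version, version). Qualifiers ('?') and
    subpaths ('#') are dropped; the purl is assumed to carry '@version'."""
    base = purl.split("?", 1)[0].split("#", 1)[0]
    key, sep, version = base.rpartition("@")
    if not sep or not key or not version:
        raise ValueError(f"purl without version: {purl}")
    return key, version


def version_key(version):
    """Dotted numeric version -> tuple for comparison (assumes numeric parts)."""
    return tuple(int(p) for p in version.split("."))


def ingest(sbom_texts):
    """Build {package_key: [(supplier, product, product_ver, component_ver)]}
    across every SBOM handed in, regardless of which vendor supplied it."""
    inventory = defaultdict(list)
    for text in sbom_texts:
        sbom = json.loads(text)
        if sbom.get("bomFormat") != "CycloneDX":
            raise ValueError("unsupported SBOM format")
        product = sbom["metadata"]["component"]
        supplier = sbom["metadata"].get("supplier", {}).get("name", "unknown")
        for comp in sbom.get("components", []):
            key, version = split_purl(comp["purl"])
            inventory[key].append((supplier, product["name"], product["version"], version))
    return inventory


def match(inventory, advisories):
    """One finding per (advisory, product) whose shipped version is below the fix;
    products already on a fixed version produce nothing, not a false positive."""
    findings = []
    for adv in advisories:
        fixed = version_key(adv["fixed_in"])
        for supplier, product, pver, cver in inventory.get(adv["package"], []):
            if version_key(cver) < fixed:
                findings.append({"advisory": adv["id"], "severity": adv["severity"],
                                 "supplier": supplier, "product": product,
                                 "product_version": pver, "package": adv["package"],
                                 "version": cver, "fixed_in": adv["fixed_in"]})
    return findings


def prioritise(findings):
    """Order by severity, then by how many distinct products an advisory hits."""
    exposure = defaultdict(set)
    for f in findings:
        exposure[f["advisory"]].add(f["product"])
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f["severity"]],
                                            -len(exposure[f["advisory"]]), f["product"]))


def run(sbom_texts=VENDOR_SBOMS, advisories=ADVISORIES):
    return prioritise(match(ingest(sbom_texts), advisories))


if __name__ == "__main__":
    for f in run():
        print(f"{f['severity']:<8} {f['advisory']:<13} {f['supplier']} / {f['product']} "
              f"{f['product_version']}: {f['package']}@{f['version']} "
              f"(fixed in {f['fixed_in']})")
```

Run as a script it prints two findings for hr-portal and none for billing-gateway: the same package appears in both products, but only the older copy is below the fixed version, which is the kind of version-aware matching that keeps already-patched products out of the triage queue. A production pipeline would replace the numeric version tuple with ecosystem-specific version semantics (semver, PEP 440, Maven ranges) and take affected ranges from a feed such as OSV or the NVD rather than a hand-written list.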

Joel Molinoff, Global Head of Supply Chain Defense at BlueVoyant, elaborated on the significance for both private and public sectors. "Organisations in the private and public sectors are realising that SBOM visibility is a crucial part of a proactive third-party cyber risk management program," said Molinoff. "By enhancing BlueVoyant's Supply Chain Defense with Manifest's SBOM capabilities, our clients are expanding their risk visibility deeper into the software supply chain and ensuring continuous monitoring and remediation of critical threats."

BlueVoyant's Supply Chain Defense solution has been recognised with industry awards, including a win at the Cybersecurity Excellence Awards for Supply Chain and a finalist place in the SC Awards for Best Supply Chain Security. BlueVoyant was also featured in the 2025 Gartner Market Guide for Third-Party Risk Management Technology Solutions, authored by Antonia Donaldson and Luke Ellery, among others.

Supply Chain Defense operates within the BlueVoyant Cyber Defense Platform, which is designed to monitor and mitigate threats originating from internal, external, and third-party sources in a single cloud-native environment.
