Automatically generate and manage SBOMs for IT infrastructure

IT and security teams know well the pain when new vulnerabilities are disclosed in common open source applications and components like Log4j, Apache Struts, and Curl. Leadership’s first question is inevitably “Are we vulnerable?”

Vulnerability scanners help, of course, but require teams to scan their entire environment over and over to discover vulnerable systems.

A simpler approach is to maintain a Software Bill of Materials (SBOM) for your IT infrastructure, just as security teams do for the applications their organizations develop. An SBOM provides teams with a comprehensive list of all open source used in your environment and maps those to a database of known vulnerabilities.

Clarity agents produce and maintain SBOMs for open source operating systems, applications, and components running on systems managed by IT outside of the traditional secure development lifecycle. When a new vulnerability is disclosed, your team receives an alert pinpointing which systems include the vulnerable components. Vulnerability scanners can prioritize those systems to determine exploitability while continuing routine scanning of other systems.

Traditional Software Composition Analysis tools rely on build manifests or source code to create an SBOM. Clarity is different. It’s patented approach identifies open source components in compiled applications – without violating license agreements. Clarity’s binary SCA scanning produces an SBOM for applications, embedded firmware, IT infrastructure, and containers.