Insignary Clarity Supply Chain

A Flood of SBOMs is Coming

A Software Bill of Materials (SBOM) provides insight to legal and security risk from open source software. The value of an SBOM is clear, and legislative actions around the world require organizations to produce and maintain SBOMs for the life of their products. These include Europe’s Cyber Resilience Act, US Executive Order 14028, and FDA requirements for premarket submissions.

As the volume of SBOMs your organization manages increases, three questions become critical:

01/How do I ensure that my open source policies are enforced across all of the code I use, including third party binaries included in my products?

02/How do I validate that third party SBOMs are accurate?

03/How do I monitor hundreds or thousands of SBOMs from internal projects and third parties?

Insignary Clarity Supply Chain

Organizations need to create and enforce policies dictating the characteristics of open source allowable for each project and a system to enforce those policies – including for code supplied by third parties.
Insignary Clarity Supply Chain (SC) provides organizations with a unified platform for simplifying open source adoption and SBOM management while minimizing risk in internal and vendor-provided software.

Fully Customizable Policy and Workflow Management

Clarity SC enables teams to create and enforce open source policies for internal projects and third party binaries.

Policies can include permissible components, licenses, and security issues. Workflow includes reviews, approvals, and exceptions.

Clarity SC translates complex licensing language into plain language attributes allowing teams to build policies to avoid obligations such as distributing source code without the need for in depth legal knowledge.

Easily Create, Import, and Manage SBOMs in Standardized and Custom Formats

Partners and vendors may not have visibility to your policies and may use a variety of scanning tools (or none at all) to create SBOMs.

Clarity SC allows teams to generate, import, monitor, and manage internal and external SBOMs from a single application - even without source code.

It normalizes SBOMs to avoid confusion due to different terminologies depending on scanner tool vendors and supports multiple international and localized formats including Insignary Clarity, CycloneDX, SPDX, FossID, and Protex

Validate and Monitor Third Party SBOMs

Clarity SC includes patented Binary Software Composition Analysis (SCA) along with source SCA.
This allows teams to create SBOMs or validate third party SBOMs from suppliers and partners for completeness - without violating license agreements
By maintaining all SBOMs in Clarity SC, security, development, and compliance personnel can maintain full visibility to risk, including automatic alerts for new vulnerabilities in existing products without rescanning.

Clarity SC Advantages

Fully Customizable Policy and Workflow Management

Every business is different. Approval workflow can be configured to support your business procedures and workflow. It maps open source components to their associated licenses to identify obligations and potential conflicts, and tracks exception handling.

No Need to Understand “Legalese”

Clarity SC translates complicated license language into clear attributes, allowing non-legal users to identify characteristics of licenses they wish to avoid – such as releasing source code – and add those to license policies.

Scan almost anything, even without source code

Clarity SC allows organizations to create or validate SBOMs for third party binaries without violating license agreements. In addition to traditional source-based scanning, Clarity’s patented binary SCA scanning produces an SBOM by examining compiled code, including applications, embedded firmware, IT infrastructure, and containers.

Integrates with multiple scanning tools

Integrates seamlessly with other tools such as Snyk and FOSSID, and can provide comparative analysis between SBOMs generated by different tools or provided by 3rd parties.

Continuous Real-Time Monitoring

Be notified of new vulnerabilities in your applications, firmware, devices, and IT infrastructure as they are disclosed – without the need to rescan.

Flexible deployment models

SaaS, on-prem, and hybrid deployment models to meet the needs of your organization.

A Flood of SBOMs is Coming

Insignary Clarity Supply Chain

Fully Customizable Policy and Workflow Management

Clarity SC enables teams to create and enforce open source policies for internal projects and third party binaries.

Policies can include permissible components, licenses, and security issues. Workflow includes reviews, approvals, and exceptions.

Clarity SC translates complex licensing language into plain language attributes allowing teams to build policies to avoid obligations such as distributing source code without the need for in depth legal knowledge.

Easily Create, Import, and Manage SBOMs in Standardized and Custom Formats

Partners and vendors may not have visibility to your policies and may use a variety of scanning tools (or none at all) to create SBOMs.

Clarity SC allows teams to generate, import, monitor, and manage internal and external SBOMs from a single application - even without source code.

It normalizes SBOMs to avoid confusion due to different terminologies depending on scanner tool vendors and supports multiple international and localized formats including Insignary Clarity, CycloneDX, SPDX, FossID, and Protex

Validate and Monitor Third Party SBOMs

Clarity SC Advantages

Fully Customizable Policy and Workflow Management

No Need to Understand “Legalese”

Scan almost anything, even without source code

Integrates with multiple scanning tools

Continuous Real-Time Monitoring

Flexible deployment models

HEADQUARTERS

FOLLOW US