Connect with us

Hi, what are you looking for?



Investors Make $6M Bet on Manifest for SBOM Management Technology

Manifest raises $6 million in seed funding to help businesses generate, collect, and manage software bill of materials (SBOMs).

Manifest, an early stage startup building technology to help businesses generate, collect, and operationalize software bill of materials (SBOMs), has banked $6 million in venture capital funding as investors race to find value in software supply chain security companies.

The $6 million seed round was led by First Round Capital and closes alongside news that Manifest secured two new contracts from the U.S. government to help federal agencies and the military understand what’s in the software that they use.

“Enterprises can no longer afford to blindly build and consume software without tracking what’s inside,” Manifest said. “[We help] enterprises automatically monitor their SBOMs, so they can quickly identify any exposure to vulnerabilities and alert customers before they even know there’s an issue. This allows enterprises to put remediation strategies in place within a matter of hours or days — not weeks or months, as we saw with organizations scrambling in the wake of Log4Shell.”

Manifest, created by entrepreneurs with prior experience at the Pentagon and Palantir, is banking on the growing importance of mandatory SBOMs to provide nested lists of components in modern software products. 

The U.S. government has issued mandates describing SBOMs as a critical part of federal cybersecurity policy, forcing CISOs and security leaders to look for SBOM management capabilities.

According to Manifest, tools have emerged to help developers generate SBOMs but there’s almost nothing to help security professionals consume SBOMs. And without a method of consumption, SBOMs remain uncontextualized bits of JSON files stored on desktops and in Google Drive folders.

The company said its platform is capable of automatically generating SBOMs without developer intervention from an organization’s CI/CD pipeline, and securely share SBOMs between vendors and customers with AskBOM, an automated SBOM solicitation tool.

Advertisement. Scroll to continue reading.

The Manifest platform also promises tools to ingest SBOMs in any format (CycloneDX or SPDX) or file type. The company also promises vulnerability and exploitability assessment capabilities to match known components from vulnerability databases, and enrich that data with exploitability information from EPSS and CISA’s KEV (known exploited vulnerabilities) list..

Related: CISO Forum Panel: Navigating SBOMs and Supply Chain Security Transparency

Related: Cybersecurity Leaders Scramble to Decipher SBOM Mandate

Related: SecurityWeek Video: A Civil Discourse on SBOMs

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Thirty-five cybersecurity-related M&A deals were announced in February 2023


Forty cybersecurity-related M&A deals were announced in January 2023.


Seventeen cybersecurity-related M&A deals were announced in the first half of February 2023.


More than 450 cybersecurity-related mergers and acquisitions were announced in 2022, according to an analysis conducted by SecurityWeek

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...