Manifest, an early stage startup building technology to help businesses generate, collect, and operationalize software bill of materials (SBOMs), has banked $6 million in venture capital funding as investors race to find value in software supply chain security companies.
The $6 million seed round was led by First Round Capital and closes alongside news that Manifest secured two new contracts from the U.S. government to help federal agencies and the military understand what’s in the software that they use.
“Enterprises can no longer afford to blindly build and consume software without tracking what’s inside,” Manifest said. “[We help] enterprises automatically monitor their SBOMs, so they can quickly identify any exposure to vulnerabilities and alert customers before they even know there’s an issue. This allows enterprises to put remediation strategies in place within a matter of hours or days — not weeks or months, as we saw with organizations scrambling in the wake of Log4Shell.”
Manifest, created by entrepreneurs with prior experience at the Pentagon and Palantir, is banking on the growing importance of mandatory SBOMs to provide nested lists of components in modern software products.
The U.S. government has issued mandates describing SBOMs as a critical part of federal cybersecurity policy, forcing CISOs and security leaders to look for SBOM management capabilities.
According to Manifest, tools have emerged to help developers generate SBOMs but there’s almost nothing to help security professionals consume SBOMs. And without a method of consumption, SBOMs remain uncontextualized bits of JSON files stored on desktops and in Google Drive folders.
The company said its platform is capable of automatically generating SBOMs without developer intervention from an organization’s CI/CD pipeline, and securely share SBOMs between vendors and customers with AskBOM, an automated SBOM solicitation tool.
The Manifest platform also promises tools to ingest SBOMs in any format (CycloneDX or SPDX) or file type. The company also promises vulnerability and exploitability assessment capabilities to match known components from vulnerability databases, and enrich that data with exploitability information from EPSS and CISA’s KEV (known exploited vulnerabilities) list..
Related: CISO Forum Panel: Navigating SBOMs and Supply Chain Security Transparency
Related: Cybersecurity Leaders Scramble to Decipher SBOM Mandate
Related: SecurityWeek Video: A Civil Discourse on SBOMs
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
More from Ryan Naraine
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Microsoft Catches Chinese .Gov Hackers Targeting US Critical Infrastructure
- Researchers Spot APTs Targeting Small Business MSPs
- Mikrotik Belatedly Patches RouterOS Flaw Exploited at Pwn2Own
- Red Hat Pushes New Tools to Secure Software Supply Chain
- Investors Make $6M Bet on Manifest for SBOM Management Technology
- Entro Raises $6M to Tackle Secrets Sprawl
Latest News
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
