BlueVoyant has introduced new Software Bill of Materials (SBOM) management features to its Supply Chain Defense platform, aimed at helping organisations identify and reduce cyber risk linked to third-party software. The enhancement is delivered through a partnership with Manifest, a cybersecurity firm focused on securing software supply chains for corporate and government clients.
Helping organisations manage third-party software risks
The new offering allows organisations to automate the ingestion, analysis and tracking of SBOM data from third-party vendors. The move comes as software supply chain threats grow more complex, with research showing that over 85% of applications contain at least one vulnerability. Despite this, many organisations still lack visibility into software components or a scalable method for managing SBOM data.
BlueVoyant’s upgraded Supply Chain Defense platform continuously monitors suppliers, vendors, and other third parties. It then works directly with them to resolve threats in real time. With the added SBOM capabilities, security teams can gain deeper insight into the software their businesses rely on, including open-source software and third-party dependencies.
“By combining Manifest’s depth of experience in SBOM with BlueVoyant’s holistic Supply Chain Defense, clients get continuous monitoring and remediation to solve their biggest third-party cybersecurity challenges,” said Marc Frankel, CEO and co-founder of Manifest.
Improved compliance and visibility across the supply chain
The integrated solution offers several benefits across key areas. In vendor risk management, organisations can automatically request SBOMs from suppliers, understand risk levels of their software, and include this data within broader third-party risk assessments.
It also supports smarter vulnerability management by prioritising threats and reducing false positives. For open-source software, it helps companies build an inventory of components across internal and external products, and assess risks before deployment.
In terms of compliance, the SBOM offering makes it easier to meet international cybersecurity standards and regulatory requirements. These include UN Regulation R155, Executive Order 14028, Section 524B, the European Cyber Resilience Act, and EU frameworks like NIS2 and DORA.
“Organisations in the private and public sectors are realising that SBOM visibility is a crucial part of a proactive third-party cyber risk management program,” said Joel Molinoff, global head of Supply Chain Defense at BlueVoyant. “By enhancing BlueVoyant’s Supply Chain Defense with Manifest’s SBOM capabilities, our clients are expanding their risk visibility deeper into the software supply chain and ensuring continuous monitoring and remediation of critical threats.”
Recognition for BlueVoyant’s cyber defence platform
BlueVoyant’s Supply Chain Defense solution has received multiple industry accolades. In 2025, it was named a winner in the Cybersecurity Excellence Awards for Supply Chain and a finalist in the SC Awards for Best Supply Chain Security. The company was also listed in the Gartner Market Guide for Third-Party Risk Management Technology Solutions published in May 2025.
The Supply Chain Defense module is part of BlueVoyant’s broader Cyber Defense Platform, which is designed to help clients detect, investigate and mitigate internal, external and third-party threats via a unified cloud-based system.
