Digital Solutions

Our Products: Your Solution. Solutions for a digital world.

SBOM Monitor

Your software supply chain. Monitored from start to finish.

SBOM Monitor detects vulnerabilities in your software components before they become a risk. Continuous CVE monitoring from over 15 sources—on-premises or in the cloud.

A central dashboard for SBOM management, vulnerability monitoring, and compliance—within your infrastructure.

TOOL FOR DELPHI

SBOM-Monitor EU CRA & NIS2 Ready

On-premises deployment is possible

CRA

Compliance ready

EU CRA

Cyber Resilience Act — SBOM requirement for all digital products. Vulnerability reporting starting in September 2026.

NIS2

Network and Information Security Directive — Supply Chain Security for Critical and Important Entities.

EO 14028

U.S. Executive Order — SBOM Requirement for All Federal Agency Suppliers.

BSI TR-03183

BSI Technical Guideline — Formal SBOM Specifications for CycloneDX & SPDX.

Advanced Integrations for Delphi & Embedded Linux

SBOM Monitor goes beyond standard SBOMs—with native integrations for two worlds that other providers ignore.

Delphi / Native

MSys SBOM Generator Integration

Delphi-IDE-Plugin → SBOM Monitor Pipeline

Delphi projects do not generate package.json or requirements.txt files—traditional SCA tools are unable to process them. Our MSys SBOM Generator plugin for the Delphi IDE generates CycloneDX SBOMs directly from .dproj files, including BPL dependencies, GetIt packages, and third-party components.

  • Automatic SBOM generation with every build
  • Detection of TMS, DevExpress, Indy, and other component libraries
  • Push to SBOM Monitor via the REST API, directly from the IDE
  • Versioning by Build Configuration (Win32/Win64/Linux64)
  • Can also be used for Lazarus/FPC projects

Linux / Embedded

Yocto & Linux-Distribution Support

Bitbake Recipes → Layer-Level Monitoring

Embedded Linux images (Yocto/OpenEmbedded, Buildroot) consist of hundreds of packages spread across multiple layers. SBOM Monitor understands the layer structure and monitors every component—from kernel modules to userspace libraries.

  • Native Yocto/Bitbake SPDX-Import (create-spdx class)
  • Layer-level view: meta-oe, meta-security, and BSP layers can be monitored individually
  • Debian/Ubuntu, Alpine, and Fedora package manifests can be imported directly
  • CVE mapping against Linux kernel CVEs, Debian Security Tracker, Alpine SecDB
  • Includes firmware and bootloader components (U-Boot, GRUB)

Everything You Need for Supply Chain Security

SBOM Upload & Management

Upload CycloneDX and SPDX SBOMs—via the web UI, REST API, or CI/CD pipeline. Organized by products, versions, and components.

Multi-Source CVE Monitoring

Continuous monitoring from NVD, GitHub Advisories, OSV, CISA KEV, CERT-Bund, and other sources. New CVEs are automatically checked against your SBOMs.

Real-Time Notifications

Email, Microsoft Teams, Slack, or webhooks—configurable by product and severity level. No critical CVE goes unnoticed.

Compliance-Reports

Automatically generated reports for CRA, NIS2, and internal audits. Exportable as PDF, JSON, or in a machine-readable format in accordance with BSI TR-03183.

On-Premise & Docker

Run SBOM Monitor in your own data center—as a Docker container or a Windows service. Your data never leaves your network.

REST-API & Integrations

Complete REST API for CI/CD integration. Automated uploads from GitHub Actions, GitLab CI, Jenkins, or Azure DevOps.
