BlueVoyant Unveils New SBOM Capabilities as Part of Its Leading Third-Party Cyber Risk Management Solution
London, UK, 3 June, 2025 – BlueVoyant, the leader in integrated cybersecurity, today launched its Software Bill of Materials (SBOM) management offering, which helps organisations reduce risk related to software by automating the ingestion, analysis, and tracking of software component information from third-party software vendors. The latest advancements enhance Supply Chain Defence, BlueVoyant’s next-generation third-party cyber risk management solution that continuously monitors suppliers, vendors, and other third parties, and then works with them to quickly remediate threats. BlueVoyant’s SBOM solution is powered through a partnership with Manifest, a cybersecurity company that specialises in securing software supply chains for corporate and government entities.
More than 85% of applications contain at least one software vulnerability, according to the Open Source Software Risk Analysis (OSSRA) Report. Yet, many organisations lack visibility into software design or an efficient way to assess and manage third-party SBOM information, which can leave them open to breaches, business interruption, and regulatory compliance issues. As a result, organisations are looking for solutions.
By leveraging the BlueVoyant-Manifest SBOM solution, security teams can proactively gain deep insights into software risk exposure and other dependencies that their businesses may rely on.
“By combining Manifest's depth of experience in SBOM with BlueVoyant’s holistic Supply Chain Defence, clients get continuous monitoring and remediation to solve their biggest third-party cybersecurity challenges,” said Marc Frankel, CEO and co-founder of Manifest.
The key benefits of utilising SBOM for third-party risk are:
· Vendor risk management: Automatically solicit SBOMs from vendors, see intuitive risk levels for vendor products, and incorporate them into comprehensive third-party cyber risk management
· Smarter vulnerability management: Prioritise vulnerabilities quickly, and triage issues to reduce false positives and avoid unnecessary mitigation work
· Open Source Software (OSS) risk management: Create an enterprise-wide inventory of OSS across first and third-party products, and scan OSS repositories to assess risk before implementing them
· Simplified compliance: Easily demonstrate compliance and provide evidence for international regulations and standards such as R155, Executive Order 14028, Section 524B, the European Cyber Resilience Act, and the EU’s NIS2 and DORA
“Organisations in the private and public sectors are realising that SBOM visibility is a crucial part of a proactive third-party cyber risk management programme,” said Joel Molinoff, global head of Supply Chain Defence at BlueVoyant.
“By enhancing BlueVoyant’s Supply Chain Defence with Manifest’s SBOM capabilities, our clients are expanding their risk visibility deeper into the software supply chain and ensuring continuous monitoring and remediation of critical threats.”
BlueVoyant’s Supply Chain Defence has garnered multiple industry awards. This year it was named a winner in the Cybersecurity Excellence Awards for Supply Chain and a finalist in the SC Awards for Best Supply Chain Security. Additionally, BlueVoyant was recognised in the 2025 Gartner® Market Guide for Third-Party Risk Management Technology Solutions published in May 2025 by Antonia Donaldson, Luke Ellery, et al.
Supply Chain Defence is part of the BlueVoyant Cyber Defence Platform, which provides holistic cyber defence by helping clients to detect, investigate, and mitigate threats from internal, external, and third-party ecosystems in one cloud-native platform.
Find more information about BlueVoyant's SBOM solution here.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designations. Gartner research publications consist of the opinions of Gartner’s research organisation and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
About BlueVoyant
BlueVoyant delivers a comprehensive cloud-native security operations platform that provides real-time threat monitoring for networks, endpoints, and supply chains, extending to the clear, deep, and dark web. The platform integrates advanced AI technology with expert human insight to offer extensive protection and swift threat mitigation, ensuring enterprise cybersecurity. Trusted by more than 1,000 clients globally, and the 2024 Microsoft Worldwide Security Partner of the Year, BlueVoyant sets the standard for modern cyber defence solutions.
About Manifest
Manifest is a cybersecurity company that reduces software supply chain risk through its software bills of materials (SBOM) and AI Bill of Materials (AIBOM) management platform. By automatically generating, managing, and analysing an organisation’s BOMs, Manifest instantly finds vulnerabilities embedded in the software they build and buy and provides proactive alerts before an organisation even knows there’s an issue. Founded in 2022 by former employees of Palantir, DoD, and DHS CISA, Manifest quantifies third-party risk in software supply chains.
PR Contact:
Jim Pople
jim@c8consulting.co.uk
BlueVoyant Press Contact:
Jennifer Schlesinger
jenny.schlesinger@bluevoyant.com