BlueVoyant Unveils New SBOM Capabilities as Part of Its Leading Third-Party Cyber Risk Management Solution

June 3, 2025

BlueVoyant’s new Software Bill of Materials (SBOM) management offering, powered by SBOM leader Manifest, enables organizations to efficiently analyze and reduce third-party risks from commercial software

NEW YORK, June 3, 2025 – BlueVoyant, the leader in integrated cybersecurity, today launched its Software Bill of Materials (SBOM) management offering, which helps organizations reduce risk related to software by automating the ingestion, analysis, and tracking of software component information from third-party software vendors. The latest advancements enhance Supply Chain Defense, BlueVoyant’s next-generation third-party cyber risk management solution that continuously monitors suppliers, vendors, and other third parties, and then works with them to quickly remediate threats. BlueVoyant’s SBOM solution is powered through a partnership with Manifest, a cybersecurity company that specializes in securing software supply chains for corporate and government entities.   

More than 85% of applications contain at least one software vulnerability, according to the Open Source Software Risk Analysis (OSSRA) Report. Yet, many organizations lack visibility into software design or an efficient way to assess and manage third-party SBOM information, which can leave them open to breaches, business interruption, and regulatory compliance issues. As a result, organizations are looking for solutions. 

By leveraging the BlueVoyant-Manifest SBOM solution, security teams can proactively gain deep insights into software risk exposure and other dependencies that their businesses may rely on. 

“By combining Manifest's depth of experience in SBOM with BlueVoyant’s holistic Supply Chain Defense, clients get continuous monitoring and remediation to solve their biggest third-party cybersecurity challenges,” said Marc Frankel, CEO and co-founder of Manifest.

The key benefits of using SBOMs for third-party risk are:

  • Vendor risk management: Automatically solicit SBOMs from vendors, see intuitive risk levels for vendor products, and incorporate them into comprehensive third-party cyber risk management 
  • Smarter vulnerability management: Prioritize vulnerabilities quickly, and triage issues to reduce false positives and avoid unnecessary mitigation work 
  • Open Source Software (OSS) risk management: Create an enterprise-wide inventory of OSS across first- and third-party products, and scan OSS repositories to assess risk before implementing them
  • Simplified compliance: Easily demonstrate compliance and provide evidence for international regulations and standards such as R155, Executive Order 14028, Section 524B, the European Cyber Resilience Act, and the EU’s NIS2 and DORA 

“Organizations in the private and public sectors are realizing that SBOM visibility is a crucial part of a proactive third-party cyber risk management program,” said Joel Molinoff, global head of Supply Chain Defense at BlueVoyant. “By enhancing BlueVoyant’s Supply Chain Defense with Manifest’s SBOM capabilities, our clients are expanding their risk visibility deeper into the software supply chain and ensuring continuous monitoring and remediation of critical threats.”  

BlueVoyant’s Supply Chain Defense has garnered multiple industry awards. This year it was named a winner in the Cybersecurity Excellence Awards for Supply Chain and a finalist in the SC Awards for Best Supply Chain Security. Additionally, BlueVoyant was recognized in the 2025 Gartner® Market Guide for Third-Party Risk Management Technology Solutions published May 2025 by Antonia Donaldson, Luke Ellery, et al. 

Supply Chain Defense is part of the BlueVoyant Cyber Defense Platform, which provides holistic cyber defense by helping clients to detect, investigate, and mitigate threats from internal, external, and third-party ecosystems in one cloud-native platform.  

Find more information about BlueVoyant's SBOM solution here  

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. 

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

About BlueVoyant   

BlueVoyant delivers a comprehensive cloud-native security operations platform that provides real-time threat monitoring for networks, endpoints, and supply chains, extending to the clear, deep, and dark web. The platform integrates advanced AI technology with expert human insight to offer extensive protection and swift threat mitigation, ensuring enterprise cybersecurity. Trusted by more than 1,000 clients globally, and the 2024 Microsoft Worldwide Security Partner of the Year, BlueVoyant sets the standard for modern cyber defense solutions.

BlueVoyant Press Contact:   

Jennifer Schlesinger    


About Manifest 

Manifest is a cybersecurity company that reduces software supply chain risk through its Software Bill of Materials (SBOM) and AI Bill of Materials (AIBOM) management platform. By automatically generating, managing, and analyzing an organization’s BOMs, Manifest instantly finds vulnerabilities embedded in the software the organization builds and buys and provides proactive alerts before the organization even knows there’s an issue. Founded in 2022 by former employees of Palantir, DoD, and DHS CISA, Manifest quantifies third-party risk in software supply chains.