Back to blog

Rezilion’s Dynamic SBOM: Now Supporting Windows 

Shahar Bahat
Shahar Bahat November 9, 2022
3 minute read
Rezilion logo and SBOM Expandion

Today we’re excited to share that we’re expanding our Dynamic Software Bill of Materials (Dynamic SBOM) service to support Windows environments.

In May of 2021, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity. The objective of the order is to enhance the US government’s defenses in the wake of several high-profile breaches, including those that impacted SolarWinds and Kaseya.

One key element of this order is a requirement for a Software Bill of Materials (SBOM). Vendors who want to contract with federal agencies must now provide an SBOM as part of the government’s procurement process. The SBOM details software dependencies and components in a product, offering critical visibility that helps to determine if a vulnerability is present in an environment. We predict the federal order is only step one is what will become a widespread adoption of SBOMs throughout private sector organizations as well.

Our Dynamic SBOM tool answers the call for visibility in multiple environments as it runs on both Windows and Linux platforms, allowing you to manage and monitor your whole environment in one place with an intuitive user interface.

With this new tool, Rezilion provides a clear and comprehensive view of all of your components, including files and  packages, Windows programs, and Windows features. Additionally, it reveals which vulnerabilities are associated with each package, as well as whether or not they are exploitable. 

Various SBOM export formats are available, including CycloneDX and CycloneDX + VEX standards, as well as CSV, JSON, and XLSX for convenient and automated use.

Based on the CycloneDX specification, the DSBOM output will contain the following information:

    1. Host & Image information

    2. This component (open source packages, Windows program and features) is associated with each host or image and contains metadata and information on whether they are loaded or not:

a. Component name

    b. Version

    c. Package manager 

    d. Host & image for associated  packages 

    3. Vulnerabilities associated with installed packages on your hosts / images and whether they can be exploited

    4. Components, dependencies & license information

Using a Dynamic SBOM tool will help you understand, manage, and control your attack surface, which is not only important for your organization’s compliance posture, but also for communicating your real risks to customers, third parties, or other stakeholders. 

Learn more about Rezilion’s Dynamic SBOM at https://www.rezilion.com/platform/dynamic-sbom/.

Want to see it in action? Book a demo today to learn more about Rezilion’s Windows software security solutions.

Keep reading

Uplevel to Next-Generation Vulnerability Management with our CISO Guide
Blog

Uplevel to Next-Generation Vulnerability Management with our CISO Guide

Read Now
Rezilion Recognized in Four Gartner® Hype Cycle™ Reports and the 2023 Gartner Market Guide for Vulnerability Assessment 
Blog

Rezilion Recognized in Four Gartner® Hype Cycle™ Reports and the 2023 Gartner Market Guide for Vulnerability Assessment 

Read Now
What Can Happen If You Don’t Address Software Supply Chain Security Issues?
Blog

What Can Happen If You Don’t Address Software Supply Chain Security Issues?

Read Now

Reduce your patching efforts by
85% or more in less than 10 minutes

Get Demo