Best Software Bill of Materials (SBOM) Software

Adam Crivello
AC
Researched and written by Adam Crivello

Software bill of materials (SBOM) solutions generate, ingest, manage, and monitor a machine-readable inventory of the components within software supply chains. The components covered include libraries, packages, modules, associated licenses, and more. Companies and developers use SBOM software to deliver and annotate comprehensive SBOMs for their software’s third party and open source components .

These solutions allow users to comply with government mandates that require the provision of a minimum SBOM. Maintaining and monitoring SBOMs also helps companies perform continuous risk assessments, though vulnerability remediation is not the primary focus of such tools. software composition analysis (SCA) tools scan software supply chains’ components and dependencies at the code level to identify and remediate security vulnerabilities, whereas SBOM software automates the standardized presentation of those elements for transparency, observability, and compliance.

To qualify for inclusion in the Software Bill of Materials (SBOM) category, a product must:

Automatically ingest and generate SBOMs in standard formats like CycloneDX and SPDX
Continuously monitor and update SBOMs based on component versions, associated licenses, dependencies, and more
Alert users of non-compliant elements in their software supply chain
Allow users to annotate SBOMs
Facilitate compliance with government regulations
Show More
Show Less

Featured Software Bill of Materials (SBOM) Software At A Glance

Easiest to Use:
OX Security
OX Security
Best Free Software:
OX Security
OX Security
Show More
Show Less

G2 takes pride in showing unbiased reviews on user satisfaction in our ratings and reports. We do not allow paid placements in any of our ratings, rankings, or reports. Learn about our scoring methodologies.

No filters applied
Clear Filter
More Filters
Avg. Customer Review
Sort by
Clear All
33 Listings in Software Bill of Materials (SBOM) Available
  • Sort By:
    Popularity

OX Security

(51)4.8 out of 5
1st Easiest To Use in Software Bill of Materials (SBOM) software
OverviewPros and Cons
Product Description

OX is redefining product security for the AI era. Founded by Neatsun Ziv and Lion Arzi, former Check Point executives, OX is the company behind VibeSec — the first AI-native vibe security platform.

Users: Security Engineer · Industries: Financial Services, Information Technology and Services · Market Segment: 63% Mid-Market, 25% Enterprise
Pros and ConsSeller Details
ProsFeatures, Ease of Use, Customer Support, Integration Support, Security
ConsIntegration Issues, Missing Features, Complexity, Inadequate Reporting, Limited Cloud Integration
Seller Details
Year Founded
2021
HQ Location
New York, USA
Company Website
https://www.ox.security/
LinkedIn® Page
https://www.linkedin.com/company/ox-security/

Cybeats

(15)4.4 out of 5
OverviewSeller Details
Product Description

Cybeats is at the forefront of cybersecurity innovation and is focused explicitly on automating Software Bill of Materials (SBOM) and Vulnerability Exploitability eXchange (VEX) management. Our platfo

Market Segment: 47% Small-Business, 33% Mid-Market
Seller Details
Year Founded
2017
HQ Location
Toronto, Ontario
Company Website
https://www.cybeats.com/
Twitter
@cybeatstech
LinkedIn® Page
https://www.linkedin.com/company/cybeats/
G2 Advertising
Sponsored
G2 Advertising
Get 2x conversion than Google Ads with G2 Advertising!
G2 Advertising places your product in premium positions on high-traffic pages and on targeted competitor pages to reach buyers at key comparison moments.
Learn More

Aqua Security

(57)4.2 out of 5
OverviewPros and Cons
Product Description

Aqua Security sees and stops attacks across the entire cloud native application lifecycle in a single, integrated platform. From software supply chain security for developers to cloud security and run

Industries: Computer Software, Financial Services · Market Segment: 56% Enterprise, 39% Mid-Market
Pros and ConsSeller Details
ProsSecurity, Ease of Use, Features, Detection, Vulnerability Identification
ConsMissing Features, Lack of Features, Limited Features, Difficult Navigation, Improvement Needed
Seller Details
Year Founded
2015
HQ Location
Burlington, US
Company Website
https://www.aquasec.com
Twitter
@AquaSecTeam
LinkedIn® Page
https://www.linkedin.com/company/aquasecteam/

Arnica

(5)4.9 out of 5
OverviewPros and Cons
Product Description

Arnica simplifies and effectively automates source code security, while maintaining or improving development velocity. Arnica uses rich tooling integration, deep learning, and behavioral analytics to

Market Segment: 60% Enterprise, 20% Mid-Market
Pros and ConsSeller Details
ProsAccuracy of Findings, Actionable Recommendations, Ease of Use, Easy Setup, Remediation Solutions
ConsPaid Features
Seller Details
Year Founded
2021
HQ Location
Alpharetta, Georgia
Company Website
https://www.arnica.io
Twitter
@arnicaio
LinkedIn® Page
https://www.linkedin.com/company/arnica-io/about

Socket

(9)4.6 out of 5
OverviewPros and Cons
Product Description

Socket is the leading developer-first security platform that protects modern applications from malicious and vulnerable open source dependencies. By combining real-time package monitoring with AI-powe

Market Segment: 44% Mid-Market, 33% Enterprise
Pros and ConsSeller Details
ProsSecurity, Open Source, Accuracy of Findings, Alerts, Comprehensive Security
ConsMissing Features, System Slowness
Seller Details
Year Founded
2020
HQ Location
San Francisco, US
Company Website
https://socket.dev/
Twitter
@SocketSecurity
LinkedIn® Page
https://www.linkedin.com/company/socketinc/

SOOS

(42)4.6 out of 5
Entry Level Price:Free
OverviewPros and Cons
Product Description

SOOS is the complete application security posture management platform. Scan your software for vulnerabilities, control the introduction of new dependencies, exclude unwanted license types, generate an

Industries: Information Technology and Services, Computer Software · Market Segment: 50% Mid-Market, 43% Small-Business
Pros and ConsSeller Details
ProsEase of Use, Easy Integrations, Integrations, Customer Support, Vulnerability Detection
ConsInadequate Reporting, Poor Reporting, Lacking Features, Lack of Guidance, Dashboard Issues
Seller Details
Year Founded
2019
HQ Location
Winooski, US
Company Website
https://soos.io
Twitter
@soostech
LinkedIn® Page
https://www.linkedin.com/company/53122310

Mend.io

(112)4.3 out of 5
Entry Level Price:$250.00
OverviewPros and Cons
Product Description

Mend.io is the leading application security solution, helping organizations reduce application risk efficiently. Built for modern, AI-driven, and traditional development environments alike, Mend.io pr

Users: Software Engineer · Industries: Computer Software, Information Technology and Services · Market Segment: 38% Small-Business, 34% Mid-Market
Pros and ConsSeller Details
ProsScanning Efficiency, Ease of Use, Easy Integrations, Scanning Technology, Vulnerability Detection
ConsIntegration Issues, Limited Features, Missing Features, Complex Implementation, Confusing Interface
Seller Details
Year Founded
2011
HQ Location
Boston, Massachusetts
Company Website
https://mend.io
Twitter
@Mend_io
LinkedIn® Page
https://www.linkedin.com/company/2440656/

CAST Highlight

(90)4.5 out of 5
Entry Level Price:Starting at $11,000.00
OverviewPros and Cons
Product Description

By scanning the source code of your applications, CAST Highlight instantly maps your software, generating the insights to understand, improve, and transform it. CIOs, CTOs, Enterprise Architects u

Industries: Information Technology and Services, Computer Software · Market Segment: 57% Enterprise, 24% Small-Business
Pros and ConsSeller Details
ProsEase of Use, Easy Setup, Cloud Services, Efficiency, Real-time Monitoring
ConsComplex Navigation, Dashboard Issues, Delayed Detection, Difficulty, Expensive
Seller Details
Year Founded
1990
HQ Location
New York
Company Website
https://www.castsoftware.com
Twitter
@SW_Intelligence
LinkedIn® Page
https://www.linkedin.com/company/cast/
Ownership
Bridgepoint

Manifest

(3)5.0 out of 5
View top Consulting Services for Manifest
OverviewPros and Cons
Product Description

Manifest helps organizations understand and reduce the cybersecurity risk in the technology they produce and procure. The Manifest platform operationalizes software bills of materials (SBOMs), artific

Market Segment: 67% Mid-Market, 33% Small-Business
Pros and ConsSeller Details
ProsEase of Use, Automation, Real-time Monitoring, Authentication Security, Customer Support
ConsTime Consumption
Seller Details
HQ Location
Connecticut, USA
Company Website
https://www.manifestcyber.com/
Twitter
@manifestcyber
LinkedIn® Page
https://www.linkedin.com/company/manifestcyber/

Snyk

(127)4.5 out of 5
Entry Level Price:Free
View top Consulting Services for Snyk
OverviewPros and Cons
Product Description

Snyk (pronounced sneak) is a developer security platform for securing custom code, open source dependencies, containers, and cloud infrastructure all from a single platform. Snyk’s developer securit

Users: Software Engineer · Industries: Computer Software, Information Technology and Services · Market Segment: 43% Mid-Market, 36% Small-Business
Pros and ConsSeller Details
ProsVulnerability Detection, Vulnerability Identification, Easy Integrations, Features, Integrations
ConsFalse Positives, Poor Interface Design, Scanning Issues, Software Bugs, Code Management
Seller Details
HQ Location
Boston, Massachusetts
Company Website
https://snyk.io
Twitter
@snyksec
LinkedIn® Page
https://www.linkedin.com/company/10043614/

Anchore

(4)4.4 out of 5
OverviewPros and Cons
Product Description

Anchore, Inc., based in Santa Barbara, CA, was founded in 2016 by Saïd Ziouani and Daniel Nurmi to help organizations implement secure container-based workflows without compromising velocity. Anchore

Market Segment: 50% Enterprise, 50% Mid-Market
Pros and ConsSeller Details
ProsCloud Integration, Ease of Use, Easy Integrations, Features, Onboarding
Seller Details
Year Founded
2016
HQ Location
Santa Barbara, California, United States
Company Website
https://www.anchore.com
Twitter
@anchore
LinkedIn® Page
https://www.linkedin.com/company/anchore/

1Exiger Platform

(14)4.5 out of 5
OverviewPros and Cons
Product Description

Exiger’s award-winning, purpose-built technology platform, 1Exiger, is the only open-source, third-party and supply chain management software that helps companies and government agencies achieve cost

Market Segment: 50% Enterprise, 50% Mid-Market
Pros and ConsSeller Details
ProsRisk Management, Ease of Use, Automation Efficiency, Compliance Management, Comprehensive Coverage
ConsLimited Customization, Limited Functionality, Difficult Usability, Limited Features, Poor Navigation
Seller Details
HQ Location
New York, NY
Company Website
https://www.exiger.com/
Twitter
@exigerllc
LinkedIn® Page
https://www.linkedin.com/company/exiger

Finite State

(2)4.8 out of 5
OverviewSeller Details
Product Description

Finite State manages risk across the software supply chain with comprehensive SCA and SBOMs for the connected world. By providing end-to-end SBOM solutions, Finite State enables Product Security teams

Market Segment: 50% Enterprise, 50% Small-Business
Seller Details
Year Founded
2017
HQ Location
Columbus, Ohio, United States
Company Website
https://finitestate.io
Twitter
@FiniteStateInc
LinkedIn® Page
https://www.linkedin.com/company/finitestate

JFrog

(116)4.2 out of 5
Entry Level Price:Starting at $150.00
OverviewPros and Cons
Product Description

JFrog Ltd. (Nasdaq: FROG), the creators of the unified DevOps, DevSecOps, DevGovOps and MLOps platform, is on a mission to create a world of software delivered without friction from development to pro

Users: DevOps Engineer, Software Engineer · Industries: Information Technology and Services, Computer Software · Market Segment: 52% Enterprise, 32% Mid-Market
Pros and ConsSeller Details
ProsFeatures, Repository Management, Deployment, Integrations, Easy Integrations
ConsComplexity, Expensive, Learning Curve, Difficult Learning, Learning Difficulty
Seller Details
Year Founded
2008
HQ Location
Sunnyvale, CA
Company Website
https://jfrog.com
Twitter
@jfrog
LinkedIn® Page
https://www.linkedin.com/company/jfrog-ltd/
Ownership
NASDAQ: FROG

SonarQube

(139)4.4 out of 5
Entry Level Price:Free
OverviewPros and Cons
Product Description

Sonar, the industry standard for code verification and automated code review, helps reduce outages, improve security, and lower risks associated with AI and agentic coding. As an independent verificat

Users: Software Engineer, DevOps Engineer · Industries: Information Technology and Services, Computer Software · Market Segment: 42% Enterprise, 38% Mid-Market
Pros and ConsSeller Details
ProsCode Quality, Features, Issue Identification, Ease of Use, Easy Integrations
ConsSoftware Bugs, Complex Configuration, False Positives, Complexity, Complex Setup
Seller Details
Year Founded
2008
HQ Location
Geneva, Switzerland
Company Website
https://www.sonarsource.com
Twitter
@SonarSource
LinkedIn® Page
https://www.linkedin.com/company/sonarsource/
Filters
Filter
Clear Filter
More Filters
Avg. Customer Review
Sort by
Clear All
Clear Filter
More Filters
Avg. Customer Review
Sort by
Clear All
33 Listings in Software Bill of Materials (SBOM) Available
  • Sort By:
    Popularity

Recommended For You

ActiveCampaign
Zoho CRM
LocaliQ
Constant Contact Advanced Automation
Freshsales