A Software Bill of Materials (SBOM) is a complete, structured inventory of all components, libraries, and dependencies used in your software. Wisec automates the creation and certification of SBOMs to ensure your software supply chain is transparent and secure.
With the rise of supply chain attacks, knowing exactly what is inside your code is no longer optional. Regulatory frameworks like NIS2 and the Cyber Resilience Act increasingly require companies to maintain and share certified SBOMs with their customers and auditors.
The Wisec Agent is designed to be "zero-config". During your CI/CD pipeline execution:
Discovery: The agent scans your project for Go, NPM, and Python dependencies.
Auto-Generation: If no SBOM is found, Wisec automatically generates a standard CycloneDX 1.4 JSON file (wisec-bom.json).
External Support: If you already use tools like Syft or Trivy, you can point Wisec to your existing SBOM using the WISEC_SBOM_PATH environment variable.
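As an added illustration of the discovery and auto-generation steps (example code, not the Wisec Agent's own implementation), the Python script below parses constructed requirements.txt, go.sum and package-lock.json samples and emits a minimal CycloneDX 1.4 document of the kind wisec-bom.json contains. All file contents, checksums and package names are constructed; the field layout and purl syntax follow the CycloneDX 1.4 and Package URL specifications.

```python
import json
import re
import uuid
from datetime import datetime, timezone
from urllib.parse import quote

# Constructed sample inputs standing in for the lock files a CI checkout would contain.
# The h1: values are placeholders, not real module checksums.
REQUIREMENTS_TXT = """\
# pinned Python dependencies
requests==2.31.0
PyYAML==6.0.1
cryptography==42.0.5  # trailing comment is ignored
"""
GO_SUM = """\
github.com/spf13/cobra v1.8.0 h1:PLACEHOLDERHASH1=
github.com/spf13/cobra v1.8.0/go.mod h1:PLACEHOLDERHASH2=
golang.org/x/crypto v0.21.0 h1:PLACEHOLDERHASH3=
"""
PACKAGE_LOCK_JSON = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},      # the root project itself
        "node_modules/lodash": {"version": "4.17.21"},
        "node_modules/@babel/core": {"version": "7.24.0"},
    },
})


def parse_requirements(text):
    """Pinned 'name==version' lines from requirements.txt -> (ecosystem, name, version)."""
    comps = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()            # drop comments and blank lines
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s;]+)", line)
        if m:
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 name normalisation
            comps.append(("pypi", name, m.group(2)))
    return comps


def parse_go_sum(text):
    """Module lines from go.sum, skipping the '/go.mod' entries and duplicates."""
    seen, comps = set(), []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1].endswith("/go.mod"):
            continue
        if (parts[0], parts[1]) not in seen:
            seen.add((parts[0], parts[1]))
            comps.append(("golang", parts[0], parts[1]))
    return comps


def parse_package_lock(text):
    """Installed packages from a lockfileVersion 2/3 package-lock.json."""
    comps = []
    for path, info in json.loads(text).get("packages", {}).items():
        if path.startswith("node_modules/"):            # "" is the root project, not a dependency
            name = path.rsplit("node_modules/", 1)[1]   # keeps scoped names such as @babel/core
            comps.append(("npm", name, info["version"]))
    return comps


def to_purl(ecosystem, name, version):
    """Package URL; the '@' of scoped npm names must be percent-encoded as %40."""
    return f"pkg:{ecosystem}/{quote(name, safe='/')}@{quote(version, safe='')}"


def build_cyclonedx(components, app_name="demo-app", app_version="1.0.0"):
    """Assemble a minimal CycloneDX 1.4 document from (ecosystem, name, version) tuples."""
    bom = {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "metadata": {
            "timestamp": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "component": {"type": "application", "name": app_name, "version": app_version},
        },
        "components": [],
    }
    for ecosystem, name, version in components:
        purl = to_purl(ecosystem, name, version)
        bom["components"].append(
            {"type": "library", "bom-ref": purl, "name": name, "version": version, "purl": purl}
        )
    return bom


def generate_bom():
    """Discovery plus generation over the constructed inputs above."""
    found = parse_requirements(REQUIREMENTS_TXT) + parse_go_sum(GO_SUM) + parse_package_lock(PACKAGE_LOCK_JSON)
    return build_cyclonedx(found)


if __name__ == "__main__":
    print(json.dumps(generate_bom(), indent=2))   # the shape wisec-bom.json would have
```

Only pinned versions are accepted on purpose: an SBOM entry without an exact version cannot be matched against vulnerability data, so a range or an unpinned name should fail discovery loudly rather than produce a vague component.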
Wisec doesn't just generate a list; it provides cryptographic proof of its integrity.
Hashing: We calculate a SHA-256 fingerprint of your binary and of your SBOM.
Signing: Both fingerprints are signed with your unique Ed25519 private key, so anyone holding the matching public key can verify them.
IPFS Anchoring: The signed manifest (the "Seal") is anchored to IPFS. Because IPFS addresses content by its hash, the record cannot be altered after the fact, giving you an immutable public record of that specific build's security state.
From the Wisec Dashboard, you can download a Certified Security Bundle for any successful build. This ZIP archive includes:
sbom.json: The full dependency inventory, enriched with vulnerability findings.
manifest.json: The signed proof retrieved from IPFS.
VERIFICATION.txt: Instructions for third-party auditors to verify the hashes manually.
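The sealing steps (hash, sign, anchor) and the auditor-side checks that the bundle enables, as an added example rather than Wisec's own code: it hashes a constructed binary and SBOM, signs the hashes with an Ed25519 key, and then replays the verification an auditor would perform on the downloaded bundle, including the two ways a bundle can look valid but not be. It assumes the pyca `cryptography` package; the manifest layout, field names and build id are assumptions, and IPFS pinning is not simulated.

```python
import base64
import hashlib
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

# Constructed stand-ins for the build artefact and the SBOM that would be fingerprinted.
BINARY_BYTES = b"\x7fELF constructed sample binary, release 1.0.0"
SBOM_BYTES = json.dumps(
    {"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1, "components": []},
    sort_keys=True,
).encode()


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def canonical(obj):
    """Deterministic JSON bytes so the signer and the auditor hash exactly the same payload."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def create_seal(binary, sbom, private_key, build_id):
    """Hash both artefacts, then sign the hashes with the project's Ed25519 key (assumed layout)."""
    raw_pub = private_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
    payload = {
        "build_id": build_id,
        "binary_sha256": sha256_hex(binary),
        "sbom_sha256": sha256_hex(sbom),
        "algorithm": "ed25519",
        "public_key": base64.b64encode(raw_pub).decode(),
    }
    signature = private_key.sign(canonical(payload))
    return {"payload": payload, "signature": base64.b64encode(signature).decode()}


def verify_bundle(binary, sbom, manifest, trusted_public_key_b64):
    """Replay the auditor's checks on a downloaded bundle; each result is reported separately."""
    payload = manifest["payload"]
    results = {
        "binary_hash_matches": sha256_hex(binary) == payload["binary_sha256"],
        "sbom_hash_matches": sha256_hex(sbom) == payload["sbom_sha256"],
        # The key embedded in the manifest proves nothing by itself: compare it with
        # the key the auditor obtained out of band (dashboard, documentation, pinned record).
        "key_is_trusted": payload["public_key"] == trusted_public_key_b64,
    }
    public_key = Ed25519PublicKey.from_public_bytes(base64.b64decode(payload["public_key"]))
    try:
        public_key.verify(base64.b64decode(manifest["signature"]), canonical(payload))
        results["signature_valid"] = True
    except InvalidSignature:
        results["signature_valid"] = False
    results["ok"] = all(results.values())
    return results


def demo():
    """Seal a build, then verify the genuine bundle and two bundles that must fail."""
    project_key = Ed25519PrivateKey.generate()          # in practice: the project's stored key
    manifest = create_seal(BINARY_BYTES, SBOM_BYTES, project_key, "build-0001")
    trusted_key = manifest["payload"]["public_key"]     # what auditors receive out of band

    genuine = verify_bundle(BINARY_BYTES, SBOM_BYTES, manifest, trusted_key)

    # A component added to the SBOM after sealing: the signature still verifies over the
    # original payload, but the recomputed SBOM hash no longer matches it.
    altered_sbom = SBOM_BYTES.replace(b"[]", b'[{"name": "added-later"}]')
    altered = verify_bundle(BINARY_BYTES, altered_sbom, manifest, trusted_key)

    # A manifest re-signed under a different key: hashes and signature check out,
    # but the key is not the one the auditor trusts, so the bundle is still rejected.
    other_key = Ed25519PrivateKey.generate()
    other_manifest = create_seal(BINARY_BYTES, SBOM_BYTES, other_key, "build-0001")
    resigned = verify_bundle(BINARY_BYTES, SBOM_BYTES, other_manifest, trusted_key)
    return genuine, altered, resigned


if __name__ == "__main__":
    for label, result in zip(("genuine", "altered sbom", "re-signed"), demo()):
        print(label, result)
```

The point of reporting each check separately is that "signature valid" on its own is not a verdict: a manifest can carry a perfectly valid signature from a key nobody vouches for, which is why the manual steps in VERIFICATION.txt should always compare the signing key against one obtained independently of the bundle.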
Wisec strictly adheres to the CycloneDX v1.4 specification, ensuring that our SBOMs are compatible with industry-standard security tools and automated vulnerability management platforms.
Wisec © 2026