HERCULES SecSAM
OSS risk management system for SBOM generation, vuln & license analysis.

HERCULES SecSAM Description
HERCULES SecSAM is an Open Source Software (OSS) risk management system designed to identify and manage risks associated with third-party components in software projects and products. The system analyzes software composition to generate Software Bills of Materials (SBOM), enabling teams to track vulnerabilities, licensing issues, and supply chain dependencies within their products.

Key functional areas include:

**Software Acceptance & Outsourced Security:** Performs firmware scanning for software traceability and supply chain composition analysis. Identifies all third-party libraries and their versions within firmware files without requiring source code — applicable to firmware from outsourced vendors or in-house development.

**Vulnerability Analysis & Risk Classification:** Automatically analyzes security vulnerabilities present in software and classifies them by severity to help users assess risk exposure. Enables early detection of vulnerabilities during the design phase, reducing remediation time and cost.

**License Risk Analysis:** Scans firmware to automatically identify open source license types used within a product, classifies licenses into Permissive/Pro-Active categories, and flags high-litigation-risk licenses and associated packages.

**SBOM Compliance & Standards:** Generates SBOMs in standardized formats, supports the SWID international specification, provides visual SBOM management, and allows user-defined SBOM templates.

The product supports CI/CD pipeline integration via issue tracking management systems. It has received the 2023 Cybersecurity Excellence Awards (Open Source Security - Asia Gold Winner) and the 2022 IT World Awards (Hot Technology of the Year - Security Software).
HERCULES SecSAM FAQ
Common questions about HERCULES SecSAM including features, pricing, alternatives, and user reviews.
HERCULES SecSAM is an OSS risk management system for SBOM generation, vuln & license analysis, developed by Onward Security. It is an Application Security solution designed to help security teams with SCA, SBOM, and Software Supply Chain.
ALTERNATIVES
Autonomous open source supply chain security & license compliance platform.
Traces third-party library usage at function level to identify dependency risk.