Manifest Detect is a software composition analysis tool that tracks open-source software (OSS) components across applications. The platform automatically creates and maintains an enterprise-wide inventory of OSS components across codebases, pipelines, and applications. The tool continuously monitors OSS dependencies against CVE databases and enriches vulnerability data with exploitability information from EPSS and KEV datasets. This allows security teams to prioritize vulnerabilities based on actual exploitability rather than relying solely on CVSS scores. Manifest Detect provides license compliance capabilities by automatically detecting non-compliant or high-risk OSS licenses and enforcing compliance policies. The platform flags restrictive or incompatible licenses to help organizations maintain compliance with their policies. The tool integrates OSS tracking with SBOM content, providing context to raw SBOM data through vulnerability and exploitability dataset integrations. It maintains an auditable inventory of OSS usage across the enterprise to support audit readiness. Manifest Detect is part of a broader software supply chain security platform that includes supplier risk and governance modules, providing a unified view of OSS risks within the overall supply chain security context.