DeployHub SBOM Vulnerability Management

DeployHub SBOM Vulnerability Management is a platform that consumes and aggregates Software Bills of Materials (SBOMs) to detect vulnerabilities in deployed software systems. The platform addresses the challenge of tracking open-source components, dependencies, and vulnerabilities across decoupled architectures after deployment. The tool aggregates multiple SBOMs from microservices, containers, and repositories into consolidated reports that provide visibility into component interactions across environments. It continuously monitors production systems against SBOM data to identify newly discovered vulnerabilities in real-time. DeployHub integrates SBOM generation into CI/CD pipelines, capturing component updates and tracking dependencies across releases. The platform provides aggregated SBOM reports that include component names, supplier information, versions, dependencies, CVEs, and timestamps. The solution supports compliance with Executive Order 14028 through centralized SBOM data aggregation and single-click reporting capabilities. It maps component-level SBOMs to logical application views to simplify security management in decoupled architectures. DeployHub is based on Ortelius, an open-source project incubating at the Continuous Delivery Foundation. The platform offers both commercial and SaaS deployment options.