Qwiet SBOM

Qwiet SBOM is a software bill of materials generation tool that provides visibility into software components and dependencies. The tool scans applications to create comprehensive inventories that include both open source libraries and proprietary code. The platform uses SAST scanning capabilities to identify all components within a software stack. It generates detailed SBOMs that catalog dependencies and potential vulnerabilities across the software inventory. The tool incorporates Code Property Graph (CPG) analysis to determine vulnerability reachability. This functionality helps security teams assess whether identified vulnerabilities in packages can actually be exploited by attackers, enabling risk prioritization. For each package identified in the SBOM, the platform provides detailed explanations of related security issues along with mitigation recommendations. The reachability analysis uses AI to scan the CPG and determine if vulnerable components are accessible through attack paths. The tool is designed to support supply chain security by identifying third-party exposure and hidden vulnerabilities within software dependencies. It aims to provide transparency throughout the software development lifecycle from development through deployment.