Overview

CAST SBOM Manager handles the full SBOM lifecycle from creation to ongoing management. It generates SBOMs from code scans, Git repositories, or imported files. It adds vulnerability and license data using its SCA database, license library, and the NIST NVD. The output can be delivered in the formats required for specific compliance, reporting, or integration needs.

It continuously enriches SBOMs with updated vulnerability and license information. Teams can add ownership, lifecycle stage, or obsolescence details. Automation and manual input keep SBOMs accurate and relevant.

Governance tools group components into catalogues. Version tracking shows changes between releases. Views can be tailored for engineers, security teams, compliance officers, or executives. Dashboards give clear insights. Audit trails record every change.

CAST SBOM Manager turns SBOMs into living assets that support decisions across the software lifecycle.

Local-First Architecture

CAST SBOM Manager is designed as a local-first desktop application, meaning all data is stored and processed entirely on your machine. This architecture ensures:

  • Data Privacy: No SBOM data, component metadata, or user credentials are sent to the cloud or external servers (except when explicitly interacting with CAST Highlight’s SCA database).
  • Offline Usability: Once installed and initialized, the application can function without continuous internet access, except for optional vulnerability lookups or catalog updates.
  • Fast Performance: Local storage and processing reduce latency and improve responsiveness, especially when working with large codebases.