Per-release SBOMs, xBOMs and every other artifact - stored for 10+ years, versioned and audit-ready

Asset Management & Evidence Platform

ReARM is a system of record that collects, stores for 10+ years, versions, and traces all digital artifacts required to prove the integrity, safety, and compliance of software, firmware, and hardware throughout their lifecycle. This includes SBOMs, HBOMs, other xBOMs, VEX, VDR, BOV, SARIF, attestations, build metadata, and more.



Regulatory Compliance

ReARM provides a central repository for SBOMs, xBOMs, and security artifacts across all your releases. It ensures supply chain compliance with EU CRA, NIS2, DORA, US Executive Orders 14028 and 14144, Section 524B of the FD&C Act, and India's RBI and SEBI regulations.



Know the exact security posture of each release and how it changes over time

ReARM aggregates findings from Dependency-Track and other security tools into a unified view. Track vulnerabilities and policy violations across releases with scoped auditing, deduplication, and rich changelogs showing how your security posture evolves over time.



Get Automated Versioning and Changelogs for your Releases

ReARM automates version bumping and changelog generation for every release. ReARM provides changelogs for source code changes, SBOM component changes and security finding changes. Choose your versioning schema, connect your CI pipeline, and ReARM handles the rest - tracking every artifact and evidence entry per release.



Automated Bundling into Products

ReARM automatically bundles your Components into Products and supports multi-level nesting. Evidence and findings from component releases propagate to product level, giving you a unified view across your entire supply chain.



Finding Management System With Scopes

ReARM includes a comprehensive finding management system with support for multiple scopes (organization-wide, product-level, component-level, release-level). It supports all types of findings, including Vulnerabilities, Weaknesses, and License Compliance Violations. Findings are aggregated per release across all evidence supplied to ReARM.



Agentic SBOM Enrichment and Augmentation

ReARM includes Reliza BEAR, an agentic SBOM enrichment and augmentation tool that automatically enriches your SBOMs with additional metadata, including supplier, copyright and license information.



Approval and Lifecycle Management

ReARM Pro provides rich capabilities for managing approvals and lifecycles of your releases. Both manual and automated approvals are supported.



Supports OWASP Transparency Exchange API

Integrates with your favorite tools

Dependency-Track, CycloneDX, SPDX, Azure DevOps, GitHub, GitLab, Jenkins, NVD, OSV, Sonatype OSS Index, Snyk, Slack, Sigstore Cosign, Microsoft Teams, Open Container Initiative, SendGrid, Semgrep, Checkov, Gmail, ShiftLeftCyber, ClearlyDefined

Clients and Partners

Invest Ottawa, Rogers Cybersecure Catalyst, KDM Analytics, IQ Innovation Hub, Wysdom.AI, OVHcloud, WicWac

Pricing & Plans

Fixed, predictable rates for any team

ReARM CE

Free
Forever
 
  • FOSS ReARM Community Edition
  • Self-Hosted
  • Single Organization
  • Community support
  • All Core SBOM/xBOM Storage & Retrieval Functionality
  • Vulnerabilities and Violations via self-managed Dependency-Track Integration
Documentation

ReARM Pro - Starter

$125
Per Month
  • Up to 80GB of storage for compressed artifacts (usually enough to store more than 250,000 SBOMs)
  • Priority Support (8 hours response time)
  • Managed Dependency-Track
  • Multi-Perspective Workflow
  • Approvals & Event Workflows
  • Marketing Releases
  • SBOM Enrichment via BEAR
  • Free 90-day trial
Contact Sales

ReARM Pro - Standard

$1250
Per Month
  • All in ReARM Pro - Starter
  • Private VPN / VNet with SSO and unlimited artifact storage, option for on-prem deployment
  • Enhanced support (24x7, 4 hours response time)
  • Support for Multi-Organization Workflow
  • Free 90-day trial
Contact Sales

ReARM Pro - Enterprise

$75
per write user per month
40+ write users
  • All in ReARM Pro - Standard
  • Premium support (24x7, 1 hour response time)
  • Option for air-gapped deployment
  • Free 90-day trial
Contact Sales

Questions about product or pricing?

Book a demo with us!