ReARM

Release-Level Supply Chain Evidence Platform

Per-release SBOMs, xBOMs and every other artifact - stored for 10+ years, versioned and audit-ready

Supports

OWASP Transparency Exchange API

Integrates with your favorite tools

Dependency-Track, CycloneDX, SPDX, Azure DevOps, GitHub, GitLab, Jenkins, NVD, OSV, Sonatype OSS Index, Snyk, Slack, Sigstore Cosign, Microsoft Teams, Open Container Initiative, SendGrid, Semgrep, Checkov, Gmail, ShiftLeftCyber, ClearlyDefined

Clients and Partners

Invest Ottawa, Rogers Cybersecure Catalyst, KDM Analytics, IQ Innovation Hub, Wysdom.AI, OVHcloud, WicWac

Asset Management & Evidence Platform

ReARM is a system of record that collects, stores for 10+ years, versions, and traces all digital artifacts required to prove the integrity, safety, and compliance of software, firmware, and hardware throughout their lifecycle. This includes SBOMs, HBOMs, other xBOMs, VEX, VDR, BOV, SARIF, attestations, build metadata, and more.


Regulatory Compliance

ReARM provides a central repository for SBOMs, xBOMs, and security artifacts across all your releases. It ensures supply chain compliance with EU CRA, NIS2, DORA, US Executive Orders 14028 and 14144, Section 524B of the FD&C Act, and India's RBI and SEBI regulations.


Know the exact security posture of each release and how it changes over time

ReARM aggregates findings from Dependency-Track and other security tools into a unified view. Track vulnerabilities and policy violations across releases with scoped auditing, deduplication, and rich changelogs showing how your security posture evolves over time.


Get Automated Versioning and Changelogs for your Releases

ReARM automates version bumping and changelog generation for every release. ReARM provides changelogs for source code changes, SBOM component changes and security finding changes. Choose your versioning schema, connect your CI pipeline, and ReARM handles the rest - tracking every artifact and evidence entry per release.


Automated Bundling into Products

ReARM automatically bundles your Components into Products and supports multi-level nesting. Evidence and findings from component releases propagate to product level, giving you a unified view across your entire supply chain.


Approval and Lifecycle Management

ReARM Pro provides rich capabilities for managing approvals and lifecycles of your releases. Both manual and automated approvals are supported.


Pricing & Plans

Fixed, predictable rates for any team

ReARM CE

Free
Forever
 
  • FOSS ReARM Community Edition
  • Self-Hosted
  • Single Organization
  • Community support
  • All Core SBOM/xBOM Storage & Retrieval Functionality
  • Vulnerabilities and Violations via self-managed Dependency-Track Integration

ReARM Pro - Starter

$107
Per Month
  • Up to 80GB of storage for compressed artifacts (usually enough to store more than 250,000 SBOMs)
  • Priority Support (8 hours response time)
  • Managed Dependency-Track
  • Multi-Perspective Workflow
  • Approvals & Event Workflows
  • Marketing Releases
  • SBOM Enrichment via BEAR
  • Free 90-day trial

ReARM Pro - Standard

$1200
Per Month
  • All in ReARM Pro - Starter
  • Private VPN / VNet with SSO and unlimited artifact storage, option for on-prem deployment
  • Enhanced support (24x7, 4 hours response time)
  • Support for Multi-Organization Workflow
  • Free 90-day trial

ReARM Pro - Enterprise

$68
per user per month
40+ users
  • All in ReARM Pro - Standard
  • Premium support (24x7, 1 hour response time)
  • Option for air-gapped deployment
  • Free 90-day trial

Questions about product or pricing?

Book a demo with us!