Press Release: Reliza and ShiftLeftCyber Announce Integration of SecureSBOM Signing into ReARM Platform

2025-12-15

Ottawa, Ontario, Canada, 2025-12-15 - Reliza, the Canadian creator of the ReARM Software and Hardware Supply Chain Evidence Store, and ShiftLeftCyber, a Canadian innovator in SBOM authenticity and integrity solutions, today announced a new integration that enables seamless use of SecureSBOM signing inside Reliza's ReARM platform.

With this integration, ReARM can now ingest SecureSBOM-signed BOMs or detached signatures. Further, ReARM provides storage for SecureSBOM public key IDs or original public keys used for offline verification. This allows organizations to verify authenticity, detect tampering, and maintain chain-of-custody for Bills of Materials across their supply chains. In addition, SecureSBOM signing is now fully integrated into ReARM's standard GitHub Actions workflow, giving Development, DevOps, and DevSecOps teams an intuitive, automated way to sign BOMs at build time with minimal additional configuration.

This collaboration strengthens Canada's leadership in software supply chain security by combining ReARM's advanced SBOM/xBOM management with SecureSBOM's cryptographically verifiable signing framework. Reliza and ShiftLeftCyber, both proudly Canadian companies, are demonstrating that the next generation of supply chain security solutions can be built locally while operating at global scale. By combining Reliza's end-to-end visibility with SecureSBOM's tamper-evident signing, organizations gain a more trustworthy, compliant, and interoperable SBOM workflow.

Pavel Shukhman, CEO of Reliza: "This integration with ShiftLeftCyber aligns perfectly with our mission to bring reliability, authenticity, and automation to supply chain management. SecureSBOM signing enhances the trust developers, security teams, and auditors can place in ReARM-managed SBOMs."

Jason Smith, CEO of ShiftLeftCyber: "By integrating SecureSBOM signing directly into ReARM, we're making secure software provenance both accessible and automated. We believe that SBOM signing is a logical next step in the evolution of supply chain security."

The integration is available today for both ReARM Community Edition and ReARM Pro. Developers using ReARM's official GitHub Actions automatically gain access to SecureSBOM signing options.

About Reliza - Reliza is a Canadian software supply chain security company and the creator of ReARM, a Software and Hardware Supply Chain Evidence Store designed to manage, retain, and govern SBOMs, xBOMs, and related compliance artifacts. ReARM helps organizations achieve end-to-end visibility, integrity, and regulatory readiness across their software and hardware supply chains by providing a centralized system of record for supply chain evidence, including signatures and attestations. Learn more at https://rearmhq.com.

About ShiftLeftCyber - ShiftLeftCyber is a Canadian cybersecurity company focused on improving software supply chain integrity through cryptographically verifiable provenance and authenticity controls. Its SecureSBOM framework enables organizations to sign, verify, and validate SBOMs using tamper-evident cryptographic signatures, helping development and security teams establish trust, detect manipulation, and strengthen compliance across modern CI/CD pipelines. Learn more at https://shiftleftcyber.io.

For more information, contact Olga Lev at pr@reliza.io.
