ReARM 26.03.59: More CycloneDX Usage in APIs and Better BEAR Enrichment

2026-03-11

We're excited to announce a major release of ReARM v26.03.59. Detailed information is available on its release view on the ReARM Demo instance.

This is the first release where we started to synchronize versions between ReARM CE and ReARM Pro. While earlier versions were developed in parallel, this release marks the beginning of a more coordinated approach. Each of the two products now shares the same version number - 26.03.59, ensuring consistency and alignment across both platforms.

Note that this release introduces a breaking deployment change for ReARM CE users: our Helm chart was renamed from rearm-helm to just rearm. This means that if you are updating an existing installation, your resource name prefixes will by default change from rearm-helm- to rearm-. If you want to keep the old names, you can override the fullnameOverride value in your Helm values file or in your upgrade command, using --set fullnameOverride=rearm-helm.

It is important to note that there is no change for ReARM Pro users, as the ReARM Pro Helm chart is already named rearm. Reliza will perform the migration process for Reliza-managed installations or assist with the migration for self-hosted installations. Accordingly, the change to ReARM CE Helm naming makes it easier to transition between ReARM CE and ReARM Pro.

More CycloneDX

As CycloneDX is transitioning to become a Transparency Exchange Language, we are starting to use it more extensively in our APIs and data models. In particular, we have switched our check hash API to use the CycloneDX format exclusively. We have also added a CycloneDX output option to our get latest release API.

We have also introduced a new API endpoint to request a specific release by version, which also outputs the component in CycloneDX format.

Better BEAR Integration

Finally, a lot of updates have happened in our BEAR enrichment product. It is important to note that enrichment results from the BEAR server to the ReARM CLI are now also sent in CycloneDX format. We should note here that ReARM Pro customers get included access to Reliza's managed instance of BEAR, while ReARM CE customers have an option to deploy BEAR themselves.

Also, BEAR integration now supports resolution of the copyright field on top of license and supplier fields that were available previously.

Additionally, BEAR integration now supports privately hosted ClearlyDefined, on top of using the public option.

Starting with this ReARM version, BEAR integration is easily available from the ReARM UI, alongside other existing integrations.

Approval Workflow Improvements in ReARM Pro

ReARM Pro received major updates for approval workflows - policy-wide input and output events. Previously, events had to be configured per component or per product; now they can be configured at the policy level and made accessible to each component or product that uses that policy.

Still, it is possible to override policy-level events for specific components or products if needed. For example, it is possible to disable certain global input events entirely, or override their output events for specific components.

In this ReARM release, we have also included pre-defined approval policies covering major compliance requirements, such as EU CRA, SOC2 and ISO 27001.

Dependency Updates

This release contains a number of dependency updates, including those fixing underlying CVEs in dependencies. ReARM users are encouraged to upgrade to this release to benefit from these fixes.

Release Identification

We are continuing to publish TEIs for all ReARM releases. TEI for this release: urn:tei:purl:demo.rearmhq.com:pkg:github/relizaio/rearm@26.03.59.
