AUTOMATED SCANNING
of the Software Supply Chain

Open-Source SBOM Creation and Vulnerability Scanning for Embedded Linux

Automated generation of a Software Bill of Materials (SBOM) and processing of it to detect cybersecurity vulnerabilities in Linux/Yocto

Benefits:

  • Easy-to-use automated vulnerability scanning
  • Automatic generation of Software Bill of Materials (SBOM)
  • New SBOM generated with each new build
  • SBOMs sent to Dependency Track (OWASP’s free scanning tool)
  • Dependency Track provides vulnerability tracking across builds, notifications, policy setting, etc.
  • Scanned daily to check for new vulnerabilities
  • Uses NIST’s National Vulnerability Database

Steps to Free and Automated Scanning for Vulnerabilities

Set up a Dependency Track instance

Add BG Networks’ meta-dependency track meta-layer to your Yocto build

Generate CycloneDX SBOMs as part of your next build

SBOMs are automatically sent to Dependency Track and scanned for vulnerabilities

Software Supply Chain
More Important Than Ever

  • Embedded firmware increasingly relies on combinations of open source, commercial software packages, outsourcing, and in-house software.
  • It is increasingly difficult to determine what software packages are included in a build because so much code is externally sourced.
  • The U.S. Government's Executive Order 14028 states that federal agencies should require SBOMs, and NIST/CISA/NTIA recommend that all industries automate vulnerability scanning of them.

BG Networks’ Commitment to Open Source

BG Networks is committed to contributing open-source software to help developers get started with IoT cybersecurity and make implementing cybersecurity easier.

We believe that open-source removes barriers to implementing cybersecurity in more devices.

SBOM and Vulnerability Database Resources

Consulting Services
BG Networks can help with your software vulnerability analysis.

We offer a complete set of Consulting Services for IoT device cybersecurity. These include risk/threat/vulnerability analysis, definition of cybersecurity requirements, development of software, and testing.