Webinar | June 26 @ 12-1pm ET

Manifest Misconceptions: Closing the Gaps in SCA-Based SBOMs

As software supply chain attacks rise and regulations tighten, organizations are turning to SBOMs to manage risk.

But new ReversingLabs research reveals a major issue: SBOMs generated solely from manifests—common with SCA tools—miss nearly half of the actual components in deployed software. This blind spot leaves organizations exposed to hidden vulnerabilities, malware, and compliance risks.

Join ReversingLabs experts as we unpack key findings from our latest report, Manifest Misconceptions: The Gaps in SCA-Based SBOMs. Through real-world examples like NumPy, SolarWinds Orion, and 3CX, we’ll show how manifest-based SBOMs overlook critical and even malicious components.

You’ll learn:

  • Why manifest-driven SBOMs miss ~50% of components—and the risks that creates
  • How dynamic dependencies and modern build processes contribute to the gaps
  • What binary analysis reveals that manifests miss
  • How ReversingLabs Spectra Assure™ delivers complete SBOMs and risk insights

Don’t let your organization operate with a false sense of security. Discover practical steps to achieve true software supply chain transparency and resilience, beyond the manifest.

Register now to secure your spot! Attend live and receive an attendance certificate to be used towards CPE credits.
