July 13, 2026
Press Launch

New resolution helps organizations centrally ingest, normalize, examine, approve, reject, consolidate, and ship compliance-ready SBOM proof as AI-driven growth and maturing regulation reshape software program provide chain governance.
STOCKHOLM, Sweden, June 9, 2026 – FossID, a pacesetter in software program threat administration, right this moment introduced FossID Workflows, a brand new resolution designed to assist enterprises handle the total lifecycle of Software program Payments of Supplies (SBOMs) throughout complicated software program provide chains. The upcoming product will assist organizations centrally ingest, normalize, examine, approve or reject, consolidate, and ship compliance-ready SBOM proof throughout suppliers, merchandise, and releases.
The announcement comes as SBOM adoption accelerates in response to 2 main shifts within the software program business. First, AI-driven software program growth is rising the pace and quantity of code creation, together with smaller code fragments that may make software program stock, provenance, safety, and license compliance harder to handle. Second, maturing rules, together with the EU Cyber Resilience Act (CRA), are elevating SBOMs as a elementary type of compliance proof for organizations that construct, combine, promote, or distribute software-enabled merchandise.
For enterprises in industries corresponding to automotive, medical units, shopper electronics, industrial automation, and different supplier-intensive markets, the operational problem is changing into particularly acute. OEMs usually develop their very own software program whereas additionally receiving software program from Tier-1 suppliers, who in flip obtain software program from Tier-2 suppliers and extra downstream suppliers. Every participant could generate, obtain, remodel, validate, and move alongside SBOMs as a part of a broader compliance and product assurance course of.
This creates a sensible breakdown in SBOM operationalization. Organizations could have the power to generate SBOMs, however they usually lack a scalable course of for accumulating them from suppliers, normalizing completely different codecs, validating high quality, resolving points, approving or rejecting submissions, consolidating a number of SBOMs into product-level proof, and delivering that proof to clients, auditors, or regulators.
SBOMs are now not simply static technical artifacts. They’re changing into operational data of software program provide chain belief. As AI accelerates code creation and rules mature, enterprises want greater than SBOM technology. They want a ruled solution to handle the SBOM lifecycle throughout groups, suppliers, merchandise, and releases.
Daniel Forsgren, Chief Know-how Officer at FossID
FossID Workflows is being designed to deal with this operational hole. The answer will present a centralized workflow layer for managing SBOM processes throughout complicated enterprise environments, serving to groups transfer from fragmented recordsdata and guide coordination to repeatable, auditable, and scalable SBOM governance.
With FossID Workflows, organizations will be capable of:
- Centrally ingest SBOMs from suppliers, inside groups, and software program sources
- Normalize SBOM inputs throughout completely different codecs and provider maturity ranges
- Examine SBOM submissions for high quality, completeness, and value
- Approve or reject provider submissions via outlined assessment workflows
- Consolidate a number of SBOMs into product-level and release-level proof
- Keep traceable data of SBOM assessment, selections, exceptions, and approvals
- Ship compliance-ready proof to clients, auditors, regulators, and provide chain companions
“Many organizations have made progress with SBOM technology, however technology is barely the place to begin,” stated Daniel Forsgren. “The bigger problem is operational. Enterprises have to know whether or not an SBOM is full, whether or not it represents the correct software program, whether or not it has been reviewed in response to coverage, and whether or not it may be trusted as a part of a compliance proof bundle. FossID Workflows is being constructed to make that course of manageable at enterprise scale.”
The necessity for SBOM lifecycle administration is rising as software program provide chains change into extra distributed and extra dynamic. AI-assisted growth is rising the significance of correct software program stock and provenance, whereas regulatory frameworks are pushing organizations towards stronger documentation, vulnerability dealing with, and provide chain transparency. On this atmosphere, SBOMs should be managed as residing compliance property, not one-time recordsdata.
FossID Workflows will prolong FossID’s software program threat administration portfolio by serving to organizations join and automate the SBOM lifecycle. It’s anticipated to enrich FossID’s Agentic SCA suite and FossID’s professional services by enabling enterprises to operationalize SBOM governance throughout the total software program provide chain.
Pilot Program and Early Entry
FossID plans to make FossID Workflows out there to pick clients and companions previous to common availability.
Most enterprises approaching SBOM operationalization have established processes; what they lack is tooling versatile sufficient to assist these processes at scale. A one-size-fits-all workflow layer is unlikely to accommodate the variation in provider maturity, regulatory obligation, and inside assessment construction that enterprise environments current. FossID Workflows addresses this via a composable workflow structure that organizations can configure to suit their particular consumption, validation, and approval necessities.
Katie Norton, Senior Analysis Supervisor at IDC
Organizations eager about early entry or product briefings can contact FossID for extra data. Readers can even join the FossID Workflows waitlist to remain knowledgeable about product availability, upcoming options, and pricing particulars as FossID prepares for broader launch.
About FossID
FossID gives software program threat administration options that allow enterprises to leverage open supply, third-party, and AI-generated code with confidence. Powered by FossID Workbench, a Software program Composition Evaluation (SCA) toolset, FossID additionally gives open supply audit, technical due diligence, and code assessment companies to assist shoppers handle authorized, safety, and operational software program provide chain threat.
Study extra: https://www.fossid.com








