New solution helps organizations centrally ingest, normalize, inspect, approve, reject, consolidate, and deliver compliance-ready SBOM evidence as AI-driven development and maturing regulation reshape software supply chain governance
STOCKHOLM, SE / ACCESS Newswire / June 9, 2026 / FossID, a leader in software risk management, today announced FossID Workflows, a new solution designed to help enterprises manage the full lifecycle of Software Bills of Materials (SBOMs) across complex software supply chains. The upcoming product will help organizations centrally ingest, normalize, inspect, approve or reject, consolidate, and deliver compliance-ready SBOM evidence across suppliers, products, and releases.
The announcement comes as SBOM adoption accelerates in response to two major shifts in the software industry. First, AI-driven software development is increasing the speed and volume of code creation, including smaller code fragments that can make software inventory, provenance, security, and license compliance more difficult to manage. Second, maturing regulations, including the EU Cyber Resilience Act (CRA), are elevating SBOMs as a fundamental form of compliance evidence for organizations that build, integrate, sell, or distribute software-enabled products.
For enterprises in industries such as automotive, medical devices, consumer electronics, industrial automation, and other supplier-intensive markets, the operational challenge is becoming especially acute. OEMs often develop their own software while also receiving software from Tier-1 suppliers, who in turn receive software from Tier-2 suppliers and additional downstream providers. Each participant may generate, receive, transform, validate, and pass along SBOMs as part of a broader compliance and product assurance process.
This creates a practical breakdown in SBOM operationalization. Organizations may have the ability to generate SBOMs, but they often lack a scalable process for collecting them from suppliers, normalizing different formats, validating quality, resolving issues, approving or rejecting submissions, consolidating multiple SBOMs into product-level evidence, and delivering that evidence to customers, auditors, or regulators.
"SBOMs are no longer just static technical artifacts," said Daniel Forsgren, Chief Technology Officer at FossID. "They are becoming operational records of software supply chain trust. As AI accelerates code creation and regulations mature, enterprises need more than SBOM generation. They need a governed way to manage the SBOM lifecycle across teams, suppliers, products, and releases."
FossID Workflows is being designed to address this operational gap. The solution will provide a centralized workflow layer for managing SBOM processes across complex enterprise environments, helping teams move from fragmented files and manual coordination to repeatable, auditable, and scalable SBOM governance.
With FossID Workflows, organizations will be able to:
Centrally ingest SBOMs from suppliers, internal teams, and software sources
Normalize SBOM inputs across different formats and supplier maturity levels
Inspect SBOM submissions for quality, completeness, and usability
Approve or reject supplier submissions through defined review workflows
Consolidate multiple SBOMs into product-level and release-level evidence
Maintain traceable records of SBOM review, decisions, exceptions, and approvals
Deliver compliance-ready evidence to customers, auditors, regulators, and supply chain partners
"Many organizations have made progress with SBOM generation, but generation is only the starting point," said Daniel Forsgren. "The larger challenge is operational. Enterprises need to know whether an SBOM is complete, whether it represents the right software, whether it has been reviewed according to policy, and whether it can be trusted as part of a compliance evidence package. FossID Workflows is being built to make that process manageable at enterprise scale."
The need for SBOM lifecycle management is growing as software supply chains become more distributed and more dynamic. AI-assisted development is increasing the importance of accurate software inventory and provenance, while regulatory frameworks are pushing organizations toward stronger documentation, vulnerability handling, and supply chain transparency. In this environment, SBOMs must be managed as living compliance assets, not one-time files.
FossID Workflows will extend FossID's software risk management portfolio by helping organizations connect and automate the SBOM lifecycle. It is expected to complement FossID's Agentic SCA suite and FossID's professional services by enabling enterprises to operationalize SBOM governance across the full software supply chain.
Pilot Program and Early Access
FossID plans to make FossID Workflows available to select customers and partners prior to general availability.
"Most enterprises approaching SBOM operationalization have established processes; what they lack is tooling flexible enough to support those processes at scale. A one-size-fits-all workflow layer is unlikely to accommodate the variation in supplier maturity, regulatory obligation, and internal review structure that enterprise environments present," said Katie Norton, Senior Research Manager at IDC. "FossID Workflows addresses this through a composable workflow architecture that organizations can configure to fit their specific intake, validation, and approval requirements."
Organizations interested in early access or product briefings can contact FossID for more information. Readers can also join the FossID Workflows waitlist to stay informed about product availability, upcoming features, and pricing details as FossID prepares for broader release.
About FossID
FossID provides software supply chain integrity solutions that enable enterprises to leverage open source, third-party, and AI-generated code with confidence. Powered by FossID Workbench, a Software Composition Analysis (SCA) toolset, FossID also provides open source audit, technical due diligence, and code review services to help clients manage legal, security, and operational software supply chain risk.
For more information, visit www.fossid.com.
Media Contact
Aaron Branson
FossID Media Relations
media@fossid.com
SOURCE: FossID
View the original press release on ACCESS Newswire:
https://www.accessnewswire.com/newsroom/en/computers-technology-and-internet/fossid-announces-workflows-to-help-enterprises-operationalize-sbo-1173680
