Vigiles: SBOM Management and Vulnerability Monitoring and Remediation Software

Software Details

Features

Use Accurate Device Information: SBOM Generation and Integration

  • Vigiles supports all major Linux build system integrations including Yocto, Buildroot, PetaLinux, Wind River Linux, PTXdist, OpenWrt and Timesys Factory for more accurate SBOM generation.
    • Captures your kernel and U-Boot configuration for better mapping of package names to CVE naming, package version, and applied patches
    • Automatic scan of your SBOM against our curated vulnerabilities database creates an immediate CVE report
    • Manage software supply chain risks by leveraging a detailed SBOM
    • Intuitively track and manage SBOMs across various products and releases, and import industry-standard SBOM formats such as CycloneDX, SPDX, and SPDX Lite

Start with a Better List of CVEs: Timesys Curated Database

  • Vigiles provides up to 40% accuracy improvement over the National Vulnerability Database (NVD) with Timesys’ curated CVE/CPE database.
    • More accurate data: the Timesys Vigiles team manually analyzes incorrect CVEs and updates them in our system
    • Optimized for embedded: intelligent curation algorithms for the Linux kernel and U-Boot run daily
    • Get alerts earlier: we minimize reporting delays by up to four weeks by pulling data from multiple feeds

See Only Applicable CVEs: Your Build + Our Database = Accurate Results

  • Vigiles only pulls the data for the CVEs that correspond to your SBOM, giving you a curated list to review.
    • Drastically reduce your workload
    • 85% fewer CVEs to analyze
    • 95% fewer false positives

Filter the Shortlist: Quickly Identify Top Vulnerabilities Based on Your Risk Analysis

  • Powerful filters allow you to quickly identify the CVEs that you want to fix.
    • Filter CVEs by: package affected, patch or fix availability, CVE severity, custom scoring, affected platforms, notes/comments, and kernel and U-Boot configuration options
    • Identify CVEs you want to ignore by actively whitelisting

Keep Your Remediation Team in Sync: Document Your Decisions and Coordinate Responses

  • Streamline vulnerability management and mitigation with easy-to-use collaboration tools.
    • Share manifests with other team members so they can add notes to CVEs, whitelist them, and more
    • Connect Vigiles with Jira for seamless issue tracking

Stop Searching and Start Patching: See the Remediation Options with One Click

  • For every CVE found in your scanned SBOM, Vigiles will let you know if there is a fix and give you the patch, minimum version and/or config option information needed to remediate the vulnerability.
    • Easily identify remediation options with resources included in your report
    • Make quick fixes with links to available patches, workarounds for remediation when a patch is not available, and links for recreating the CVE exploit for testing

Enjoy Easier Regulatory Compliance: Use Shareable Reports and Diff-Like Comparison Tools

  • Comparing reports and viewing report history enables you to more efficiently manage cybersecurity vulnerabilities affecting your product throughout its product lifecycle and comply with government and regulatory security standards.
    • Track changes between releases and automatically create a summary report for release notes
    • View side-by-side manifest comparison with searchable manifest and CVE sections
    • Export your SBOM in SPDX or SPDX Lite file formats, both official international open standards for SBOMs

Keep Your Product Secure with Continuous Monitoring: Set up Your Security Feed and Alerts with Emailed Reports

  • Vigiles securely maintains current manifests of your products and continuously rescans and tracks vulnerabilities for all versions even after your product is released and in production.
    • Stay on top of new vulnerabilities with periodic rescans and reports
    • Keep your device secure in the field, for the full product lifecycle

Three subscription offerings (Free, Prime and Enterprise)

  • Free: on-demand reports for free
  • Prime: adds more features / detailed reports
  • Enterprise: adds filtering and direct link to patches (where available)

Any option can be bundled with NXP Pro-Support for assistance
