Tool adds SBOMs for unmanaged C/C++
What happened
A new tool called Manifest was highlighted for producing SBOMs for unmanaged C and C++ code, closing a blind spot in embedded and geospatial systems where dependency visibility is reportedly poor. That matters for classified pipelines that must track legacy binaries inside container images.
Why it matters
Manifest published a cross-platform CLI and GitHub Action that can generate SBOMs from local source trees, container images and filesystem targets [docs.manifestcyber.com]. The platform emits CycloneDX and SPDX SBOMs and adds binary inspection, Nix-package visibility and reachability analysis to help prioritize vulnerabilities by exploitability [cyclonedx.org]. The Manifest CLI supports amd and arm architectures, and its examples include commands for scanning container images (e.g., alpine:latest) and merging multiple SBOMs for CI/CD workflows [github.com]. Manifest positioned the commercial release on March 12, 2026 and described the capability as aimed at embedded, medical-device and regulated environments while publishing public docs and a GitHub repo for customer evaluation [morningstar.com].