Vigiles™ is an SBOM Management and Vulnerability Monitoring and Remediation Software by NXP Semiconductors
The Software Composition Analysis (SCA) tool helps generate and analyze a Software Bill of Materials (SBOM) for publicly known cybersecurity vulnerabilities, particularly CVEs. Vigiles is optimized for embedded systems, and it provides a complete vulnerability lifecycle management tool: discovery, prioritization, triaging, remediation, compliance, and ongoing monitoring and alerts.
Vigiles uses advanced scanning and validation algorithms to identify vulnerabilities specific to your projects and software components, and it filters out the noise. The Vigiles tracking algorithm combines very high accuracy with a very low false-positive rate. The result is security management for your project that is streamlined and highly efficient.
Vigiles reports vulnerabilities by analyzing the components in an SBOM (Software Bill of Materials: the list of packages and associated versions for your product) against a Timesys-curated vulnerability database. To generate the SBOM, there are three options:
Automatic generation: Vigiles directly integrates with build systems (Yocto, Buildroot, OpenWrt, and Timesys Factory) to generate and upload the software SBOM to Vigiles.
BOM CSV (manually or externally generated): Vigiles supports a custom software BOM in CSV format (for example, obtained from package managers, produced by custom build systems, or generated by hand).
Create SBOM wizard: Vigiles provides a UI where components can be selected to create a Software BOM.
Once the SBOM is uploaded or created, Vigiles scans the packages listed in the SBOM for vulnerabilities and redirects to the CVE Dashboard, which provides tools and information to help remediate the vulnerabilities. For ongoing monitoring of new vulnerabilities, sign up for email alerts or run on-demand scans.
During this webinar, NXP will demonstrate Vigiles during the design and after-sale process of a product.