Timesys Vigiles Vulnerability Monitoring and Remediation

Software Bill of Materials (SBOM) Management, Vulnerability Monitoring and Remediation


Best-in-class vulnerability monitoring and remediation tool that combines a curated CVE database, continuous security feed based on your Software Bill of Materials (SBOM), powerful filtering, and easy triage tools so you don’t get blindsided by vulnerabilities.

Try Prime For FreeWatch the Video

You need a continuous security feed against all of your SBOMs so you don’t get blindsided by vulnerabilities.

Vulnerabilities leave devices open to devastating cybersecurity attacks, making headlines across the globe time and time again. With 350+ new vulnerabilities per week and numbers increasing drastically for the past 5 years, you need a tool to manage the onslaught of new vulnerabilities, cut through the noise, and identify the most pressing threats so you can take action.

Looking for a tool that can alert you to important, relevant vulnerabilities in your product software?

Tired of chasing false positives and hunting for vulnerability fixes?

Trying to streamline your vulnerability management with a tool that adapts to your SDLC process?

Take advantage of our purpose-built vulnerability management tool, Vigiles.

For more than 20 years, Timesys has been the industry’s trusted partner for secure embedded software design and development. We provide device makers and system developers with tools and services to accelerate time to market of more secure products.

How It Works

Easy Access To The Compliance Information You Need

Speed Up Compliance, Regulatory Workflows, and Reduce Your Risk

Vigiles helps you keep up with the expanding requirements in regulated industries that require documented cybersecurity efforts and component transparency such as the White House EO 14028, FDA Cybersecurity, EU Cyber Resilience Act (CRA).

  • Easily track the compliance status of your SBOMs and see what you need to improve
  • Reduce remediation efforts by identifying and addressing only the real threats and update accordingly
  • Get at-a-glance verification of National Telecommunications and Information Administration (NTIA) minimum SBOM Compliance
  • Meet cybersecurity documentation requirements and maintain an audit trail of changes and triaging information

Organize Your Product SBOMs

SBOM Management Dashboard

Vigiles keeps your product’s software vendor SBOMs and your own custom application SBOMs organized with our SBOM dashboard.

  • Easier tracking of multiple SBOMs so you can keep them up to date and organized.
  • Compatible with multiple upload methods and formats, so you can use the right CI/CD pipeline integration for each SBOM.
  • Know the status of your product SBOMs at a glance with summary information, with details available when you need them.

Use Accurate Device Information

SBOM Generation and [CI/CD] Integration

Vigiles supports all major Linux build system integrations including Yocto, Buildroot, PetaLinux, Wind River Linux, PTXdist, OpenWrt, Timesys Factory, containers, RTOSes, and other operating systems and ecosystems such as Python for more accurate SBOM generation.

  • Intuitively track and manage SBOMs across various products and releases, and import industry-standard SBOM formats such as CycloneDX, SPDX, and SPDX Lite 
  • Use Vigiles CLI and Timesys recommended tools for integrating SBOM generation into your build systems, applications, OS, and containers
  • Reduce extra noise by capturing your kernel and U-Boot configuration for better mapping of package names to CVE naming, package version, and applied patches
  • At-a-glance immediate CVE summary report by automatically scanning your SBOM against our curated vulnerabilities database 
  • Manage software supply chain risks leveraging detailed SBOM
Vigiles provides up to 40% accuracy improvement over the National Vulnerability Database (NVD)

Start with a Better List of CVEs

Timesys Curated Database

Vigiles provides up to 40% accuracy improvement over the National Vulnerability Database (NVD) with Timesys’ curated CVE/CPE database.

  • More accurate data: Timesys Vigiles team manually analyzes incorrect CVEs and updates in our system
  • Optimized for embedded: intelligent curation algorithms for the Linux kernel and U-Boot run daily
  • Get alerts earlier: we minimize reporting delays by up to four weeks by pulling data from multiple feeds

See Only Applicable CVEs

Your Build + Our Database =
Accurate Results

Vigiles only pulls the data for the CVEs that correspond to your SBOM, giving you a curated list to review.

  • Drastically reduce your workload
  • 85% fewer CVEs to analyze
  • 95% fewer false positives
Vigiles only pulls the data for the CVEs that correspond to your SBOM

Filter the Shortlist Quickly

Identify Top Vulnerabilities Based on Your Risk Analysis

Powerful filters allow you to quickly identify the CVEs that you want to fix.

  • Filter CVEs by: package affected, patch or fix availability, CVE severity, custom scoring, affected platforms, notes/comments, and kernel and U-Boot configuration options
  • Identify CVEs you want to ignore by actively whitelisting

Keep Your Remediation Team in Sync

Document Your Decisions and Coordinate Responses

Streamline vulnerability management and mitigation with easy-to-use collaboration tools.

  • Share SBOMs with other team members so they can add notes to CVEs, whitelist them, and more
  • Connect Vigiles with Jira for seamless issue tracking

Stop Searching and Start Patching

See the Remediation Options with One Click

For every CVE found in your scanned SBOM, Vigiles will let you know if there is a fix and give you the patch, minimum version, and/or config option information needed to remediate the vulnerability.

  • Easily identify remediation options with resources included in your report
  • Make quick fixes with links to available patches, workarounds for remediation when a patch is not available, and links for recreating the CVE exploit for testing

Enjoy Easier Regulatory Compliance

Use Shareable Reports and
Diff-Like Comparisons Tools

Comparing reports and viewing report history enables you to more efficiently manage cybersecurity vulnerabilities affecting your product throughout its product lifecycle and comply with government and regulatory security standards.

  • Track changes between releases and automatically create a summary report for release notes
  • View and compare SBOMs side-by-side with searchable SBOM and CVE sections
  • Export your SBOM in SPDX or SPDX Lite file formats, both official international open standard for SBOMs
Export your Software Bill of Materials (SBOM) in SPDX, shareable reports enable you to more efficiently manage cybersecurity vulnerabilities

Keep Your Product Secure with Continuous Monitoring

Set up Your Security Feed and Alerts with Emailed Reports

Vigiles securely maintains current SBOMs of your products and continuously rescans and tracks vulnerabilities for all versions even after your product is released and in production.

  • Stay on top of new vulnerabilities with periodic rescans and reports
  • Keep your device secure in the field, for full product lifecycle

Multiple Reason To Replace or
Augment Your Existing Tools

SCA Optimized for Embedded

SCA Optimized for Embedded

build system integration, kernel/u-boot filters, and platform filters for 85% fewer CVEs to analyze

Superior Curated Data Accuracy

Superior Curated Data Accuracy

95% fewer false positives plus more coverage and earlier reporting

Fits into Software Development Life Cycle Workflow

Fits into Software Development Life Cycle Workflow

CI/CD, Jira integration, APIs, team collaboration

Streamline compliance

Streamline Compliance

SBOM generation, license and vulnerability policy, and documentation

Efficient triaging and remediation

Efficient Triaging and Remediation

Email alerts, intelligent filtering, links to fixes

ROI in as little as 3 months

ROI in as Little as 3 Months

with time saved

Streamline Your Process with a Workflow Backbone that will Pay for Itself

Vigiles gives you the complete process to track, triage, remediate, and document CVEs affecting your device. With more accurate data and powerful filters, Vigiles pays for itself in time saved in as little as three months.

How much can Vigiles save you? Try out our ROI calculator here.

What Are The Options?

Vigiles is offered in three versions: SBOM Manager, Prime, and Enterprise. Vigiles SBOM Manager offers comprehensive SBOM generation and management tools, while Prime and Enterprise include advanced CVE monitoring with alerts and reports, and time-saving triage and remediation features.

SBOM Manager

SBOM Manager version provides SBOM management and generation tools in industry-standard CycloneDX and SPDX formats, comparison of SBOM changes between builds and releases, tracking, monitoring, and more for multiple SBOMs

Learn More


All the features of the SBOM Manager version plus CVE monitoring for SBOMs, collaboration tools for CVE triage and mitigation, advanced filtering, detailed notifications, advanced reporting tools, patch notification and management features, links to related Linux kernel patches, OSS fixed version notifications, and more.

Learn More


All the features of the SBOM Manager and Prime versions, with single sign-on compatibility, powerful group administration functionality, role-based access control, and hosting with remote CVE database updates.

Learn More


Try Vigiles Prime for 30 Days for Free

Detect, filter, triage, and remediate vulnerabilities with the industry’s first Software Composition Analysis and CVE monitoring tool targeted at embedded Linux.

What You Get

Vigiles sets you up for success with everything you need to track, triage, remediate,
and document CVEs affecting your device, saving you time and money.

Vigiles Plus or Prime

Vigiles SBOM Manager, Prime, or Enterprise

Vigiles SBOM Manager provides Software Bill of Materials (SBOM) management and generation tools in industry-standard CycloneDX and SPDX formats, comparison of SBOM changes between builds and releases, and tracking, monitoring, and team collaboration for multiple SBOMs.

Vigiles Prime offers powerful triage and collaboration tools, with patch notification and management features, enabling your team to rapidly prioritize, assess, and remediate security issues.

Vigiles Enterprise brings the Vigiles experience on-premises with remote Timesys Common Vulnerabilities and Exposures (CVE) Database updates, single sign-on integration, group functionality for project-specific access, and role-based access control.

Ten User Logins

10, 20, or More User Logins

Collaborate across your team for efficient vulnerability monitoring and management with ten user logins

CVE Triage Guide

CVE Triage Guide

Learn how to make the most of Vigiles’ triage features to pinpoint the vulnerabilities that apply to your products, prioritize them based on risk, and remediate the largest security threats

Quick Start Training

Quick Start Training

Use our Quick Start Training to see vulnerabilities for your project’s Software Bill of Materials (SBOM) in less than 30 minutes.

Access to Support and Feature Request

Easy Access to Support and Feature Request

Easily contact support to submit feedback or request features within Vigiles. Issues are typically addressed within 72 hours, and all Vigiles users benefit so feedback is encouraged.


Schedule a Demo for Your Use Case

Detect, filter, triage, and remediate vulnerabilities with the industry’s first Software Composition Analysis and CVE monitoring tool targeted at embedded Linux.

Still Have Questions? Check out the FAQ

Our FAQ covers everything from version features, to how Vigiles improves upon the National Vulnerability Database (NVD), to how Vigiles stacks up against other vulnerability scanners.

Check the FAQ

Need Vulnerability Monitoring and Remediation but Don’t Want to Do It Yourself? Check out our Linux OS/BSP Maintenance Service

Timesys’ Linux OS/BSP Maintenance is a subscription service that provides long-term security upgrades and maintenance of your Linux OS/BSPs alongside Vigiles’ vulnerability monitoring and management capabilities.

Check out Linux OS / BSP Maintenance

Using an RTOS? We’ve Got You Covered

With Vigiles, you can upload an SBOM or use our SBOM generator tool to create reports and monitor Zephyr, FreeRTOS, or Mbed vulnerabilities.

View a sample Zephyr report (requires login):

See a Sample Report

Already Using Black Duck? Stack the Benefits with Vigiles

Black Duck users can add Vigiles to their security toolkit to drastically reduce their workload. Vigiles leverages information from SBOMs to reduce false positives by 95% and reduce CVEs to analyze by 85% as compared to Black Duck. Learn more about how using these function-specific tools in tandem leads to improved efficiency and productivity:

See How Black Duck and Vigiles Work Together

See how Vigiles stacks up to other Software Composition Analysis (SCA) tools:

Compare Vigiles Against Other SCA Tools

See the impact of Vigiles in action

Vigiles demo

Schedule a Demo of Timesys Vulnerability Monitoring

Request a personalized demo to see how Vigiles can save you time with a curated database of CVEs, powerful filtering, and on-demand reporting

Schedule a Demo


Software Security Management: Cutting through the vulnerability storm with Vigiles

Learn how to use Vigiles for automated security monitoring on your Linux BSPs, rapid security assessment and triage, and efficient security and vulnerability remediation.

Watch the Webinar


Evaluating vulnerability tools for embedded Linux devices

How to choose the right vulnerability management tool to bring your security maintenance cost down while improving the security posture of the device

Read the Blog