Software Bill of Materials (SBOM) Management, Vulnerability Monitoring and Remediation
Vigiles
Best-in-class vulnerability monitoring and remediation tool that combines a curated CVE database, continuous security feed based on your Software Bill of Materials (SBOM), powerful filtering, and easy triage tools so you don’t get blindsided by vulnerabilities.
You need a continuous security feed against all of your SBOMs so you don’t get blindsided by vulnerabilities.
Vulnerabilities leave devices open to devastating cybersecurity attacks, making headlines across the globe time and time again. With 350+ new vulnerabilities per week and numbers increasing drastically for the past 5 years, you need a tool to manage the onslaught of new vulnerabilities, cut through the noise, and identify the most pressing threats so you can take action.
Looking for a tool that can alert you to important, relevant vulnerabilities in your product software?
Tired of chasing false positives and hunting for vulnerability fixes?
Trying to streamline your vulnerability management with a tool that adapts to your SDLC process?
Take advantage of our purpose-built vulnerability management tool, Vigiles.
For more than 20 years, Timesys has been the industry’s trusted partner for secure embedded software design and development. We provide device makers and system developers with tools and services to accelerate time to market of more secure products.
How It Works
Easy Access To The Compliance Information You Need
Speed Up Compliance, Regulatory Workflows, and Reduce Your Risk
Vigiles helps you keep up with the expanding requirements in regulated industries that require documented cybersecurity efforts and component transparency such as the White House EO 14028, FDA Cybersecurity, EU Cyber Resilience Act (CRA).
- Easily track the compliance status of your SBOMs and see what you need to improve
- Reduce remediation efforts by identifying and addressing only the real threats and update accordingly
- Get at-a-glance verification of National Telecommunications and Information Administration (NTIA) minimum SBOM Compliance
- Meet cybersecurity documentation requirements and maintain an audit trail of changes and triaging information
Organize Your Product SBOMs
SBOM Management Dashboard
Vigiles keeps your product’s software vendor SBOMs and your own custom application SBOMs organized with our SBOM dashboard.
- Easier tracking of multiple SBOMs so you can keep them up to date and organized.
- Compatible with multiple upload methods and formats, so you can use the right CI/CD pipeline integration for each SBOM.
- Know the status of your product SBOMs at a glance with summary information, with details available when you need them.
Use Accurate Device Information
SBOM Generation and [CI/CD] Integration
Vigiles supports all major Linux build system integrations including Yocto, Buildroot, PetaLinux, Wind River Linux, PTXdist, OpenWrt, Timesys Factory, containers, RTOSes, and other operating systems and ecosystems such as Python for more accurate SBOM generation.
- Intuitively track and manage SBOMs across various products and releases, and import industry-standard SBOM formats such as CycloneDX, SPDX, and SPDX Lite
- Use Vigiles CLI and Timesys recommended tools for integrating SBOM generation into your build systems, applications, OS, and containers
- Reduce extra noise by capturing your kernel and U-Boot configuration for better mapping of package names to CVE naming, package version, and applied patches
- At-a-glance immediate CVE summary report by automatically scanning your SBOM against our curated vulnerabilities database
- Manage software supply chain risks leveraging detailed SBOM
Start with a Better List of CVEs
Timesys Curated Database
Vigiles provides up to 40% accuracy improvement over the National Vulnerability Database (NVD) with Timesys’ curated CVE/CPE database.
- More accurate data: Timesys Vigiles team manually analyzes incorrect CVEs and updates in our system
- Optimized for embedded: intelligent curation algorithms for the Linux kernel and U-Boot run daily
- Get alerts earlier: we minimize reporting delays by up to four weeks by pulling data from multiple feeds
See Only Applicable CVEs
Your Build + Our Database =
Accurate Results
Vigiles only pulls the data for the CVEs that correspond to your SBOM, giving you a curated list to review.
- Drastically reduce your workload
- 85% fewer CVEs to analyze
- 95% fewer false positives
Filter the Shortlist Quickly
Identify Top Vulnerabilities Based on Your Risk Analysis
Powerful filters allow you to quickly identify the CVEs that you want to fix.
- Filter CVEs by: package affected, patch or fix availability, CVE severity, custom scoring, affected platforms, notes/comments, and kernel and U-Boot configuration options
- Identify CVEs you want to ignore by actively whitelisting
Keep Your Remediation Team in Sync
Document Your Decisions and Coordinate Responses
Streamline vulnerability management and mitigation with easy-to-use collaboration tools.
- Share SBOMs with other team members so they can add notes to CVEs, whitelist them, and more
- Connect Vigiles with Jira for seamless issue tracking
Stop Searching and Start Patching
See the Remediation Options with One Click
For every CVE found in your scanned SBOM, Vigiles will let you know if there is a fix and give you the patch, minimum version, and/or config option information needed to remediate the vulnerability.
- Easily identify remediation options with resources included in your report
- Make quick fixes with links to available patches, workarounds for remediation when a patch is not available, and links for recreating the CVE exploit for testing
Enjoy Easier Regulatory Compliance
Use Shareable Reports and
Diff-Like Comparisons Tools
Comparing reports and viewing report history enables you to more efficiently manage cybersecurity vulnerabilities affecting your product throughout its product lifecycle and comply with government and regulatory security standards.
- Track changes between releases and automatically create a summary report for release notes
- View and compare SBOMs side-by-side with searchable SBOM and CVE sections
- Export your SBOM in SPDX or SPDX Lite file formats, both official international open standard for SBOMs
Keep Your Product Secure with Continuous Monitoring
Set up Your Security Feed and Alerts with Emailed Reports
Vigiles securely maintains current SBOMs of your products and continuously rescans and tracks vulnerabilities for all versions even after your product is released and in production.
- Stay on top of new vulnerabilities with periodic rescans and reports
- Keep your device secure in the field, for full product lifecycle
You Could Try Another Tool, But
Why Would You?
SCA Optimized for Embedded
build system integration, kernel/u-boot filters, and platform filters for 85% fewer CVEs to analyze
Superior Curated Data Accuracy
95% fewer false positives plus more coverage and earlier reporting
Fits into Software Development Life Cycle Workflow
CI/CD, Jira integration, APIs, team collaboration
Streamline Compliance
SBOM generation, license and vulnerability policy, and documentation
Efficient Triaging and Remediation
Email alerts, intelligent filtering, links to fixes
ROI in as Little as 3 Months
with time saved
Streamline Your Process with a Workflow Backbone that will Pay for Itself
Vigiles gives you the complete process to track, triage, remediate, and document CVEs affecting your device. With more accurate data and powerful filters, Vigiles pays for itself in time saved in as little as three months.
How much can Vigiles save you? Try out our ROI calculator here.
What Does Vigiles Cost?
Vigiles is offered in three versions: SBOM Manager, Prime, and Enterprise. Vigiles SBOM Manager offers comprehensive SBOM generation and management tools, while Prime and Enterprise include advanced CVE monitoring with alerts and reports, and time-saving triage and remediation features.
SBOM Manager
$9,900 /year
SBOM Manager version provides SBOM management and generation tools in industry-standard CycloneDX and SPDX formats, comparison of SBOM changes between builds and releases, tracking, monitoring, and more for multiple SBOMs
Prime
$14,900 /year
All the features of the SBOM Manager version plus CVE monitoring for SBOMs, collaboration tools for CVE triage and mitigation, advanced filtering, detailed notifications, advanced reporting tools, patch notification and management features, links to related Linux kernel patches, OSS fixed version notifications, and more.
Enterprise
$24,900 /year
All the features of the SBOM Manager and Prime versions, with single sign-on compatibility, powerful group administration functionality, role-based access control, and hosting with remote CVE database updates.
READY TO GET STARTED WITH VIGILES?
Try Vigiles Prime for 30 Days for Free
Detect, filter, triage, and remediate vulnerabilities with the industry’s first Software Composition Analysis and CVE monitoring tool targeted at embedded Linux.
What You Get
Vigiles sets you up for success with everything you need to track, triage, remediate,
and document CVEs affecting your device, saving you time and money.
Vigiles SBOM Manager, Prime, or Enterprise
Vigiles SBOM Manager provides Software Bill of Materials (SBOM) management and generation tools in industry-standard CycloneDX and SPDX formats, comparison of SBOM changes between builds and releases, and tracking, monitoring, and team collaboration for multiple SBOMs.
Vigiles Prime offers powerful triage and collaboration tools, with patch notification and management features, enabling your team to rapidly prioritize, assess, and remediate security issues.
Vigiles Enterprise brings the Vigiles experience on-premises with remote Timesys Common Vulnerabilities and Exposures (CVE) Database updates, single sign-on integration, group functionality for project-specific access, and role-based access control.
10, 20, or More User Logins
Collaborate across your team for efficient vulnerability monitoring and management with ten user logins
CVE Triage Guide
Learn how to make the most of Vigiles’ triage features to pinpoint the vulnerabilities that apply to your products, prioritize them based on risk, and remediate the largest security threats
Quick Start Training
Use our Quick Start Training to see vulnerabilities for your project’s Software Bill of Materials (SBOM) in less than 30 minutes.
Easy Access to Support and Feature Request
Easily contact support to submit feedback or request features within Vigiles. Issues are typically addressed within 72 hours, and all Vigiles users benefit so feedback is encouraged.
WANT TO SEE IT IN ACTION AND ASK QUESTIONS?
Schedule a Demo for Your Use Case
Detect, filter, triage, and remediate vulnerabilities with the industry’s first Software Composition Analysis and CVE monitoring tool targeted at embedded Linux.
See the impact of Vigiles in action
Demo
Schedule a Demo of Timesys Vulnerability Monitoring
Request a personalized demo to see how Vigiles can save you time with a curated database of CVEs, powerful filtering, and on-demand reporting
Webinar
Software Security Management: Cutting through the vulnerability storm with Vigiles
Learn how to use Vigiles for automated security monitoring on your Linux BSPs, rapid security assessment and triage, and efficient security and vulnerability remediation.
Blog
Evaluating vulnerability tools for embedded Linux devices
How to choose the right vulnerability management tool to bring your security maintenance cost down while improving the security posture of the device
