Per-release SBOMs, xBOMs and every other artifact - stored for 10+ years, versioned and audit-ready
Built for the Agentic Era
Agentic AI has accelerated development by an order of magnitude. Traditional release management has not kept up.
When dozens - or hundreds - of AI agents are shipping code simultaneously, you need release controls that scale with them. ReARM gives you the visibility, governance, and evidence chain to manage releases at any velocity, without sacrificing compliance or security.
Questions ReARM Can Answer Quickly
❓ What is the exact security posture of version 1.0.3 of product X?
ReARM tracks every vulnerability, license violation, and policy finding per release - so you can see the current and historical security posture of any specific version.
❓ Are we ready to ship version 1.0.4 of product X?
ReARM Pro is the system of record for release approvals and lifecycle management. Your CI/CD pipeline queries ReARM to determine the latest release that has passed all required approval gates - and only promotes or deploys that version. No approved status in ReARM, no deployment.
❓ Can we prove to an auditor that every shipped release was reviewed and approved?
Every approval in ReARM Pro is immutably recorded with a timestamp, approver identity, and the evidence it was based on. Your release approval workflow is also your audit trail.
❓ Has any Shai-Hulud-infected dependency ever entered our supply chain, and if so, in which releases?
ReARM's cross-release SBOM search lets you query any component or dependency across your entire release history - instantly identifying which releases were affected and when.
❓ Has the Log4Shell CVE ever appeared anywhere across our organization?
ReARM aggregates findings from all tools and all releases organization-wide, so you can search for any CVE across your entire product and component portfolio.
Asset Management & Evidence Platform
ReARM is a system of record that collects, stores for 10+ years, versions, and traces all digital artifacts required to prove the integrity, safety, and compliance of software, firmware, and hardware throughout their lifecycle. This includes SBOMs, HBOMs, other xBOMs, VEX, VDR, BOV, SARIF, digital signatures, attestations, build metadata, and more.

Regulatory Compliance
ReARM provides a central repository for SBOMs, xBOMs, and security artifacts across all your releases. It ensures supply chain compliance with EU CRA, NIS2, DORA, US Executive Orders 14028 and 14144, Section 524B of the FD&C Act, and India's RBI and SEBI regulations.

Know the exact security posture of each release and how it changes over time
ReARM aggregates findings from Dependency-Track and other security tools into a unified view. Track vulnerabilities and policy violations across releases with scoped auditing, deduplication, and rich changelogs showing how your security posture evolves over time.

License Compliance
ReARM lets you track license compliance for all your releases and BOMs, with the ability to triage and audit violations across various scopes, just like any other finding.

Get Automated Versioning and Changelogs for your Releases
ReARM automates version bumping and changelog generation for every release. ReARM provides changelogs for source code changes, SBOM component changes and security finding changes. Choose your versioning schema, connect your CI pipeline, and ReARM handles the rest - tracking every artifact and evidence entry per release.

Automated Bundling into Products
ReARM automatically bundles your Component Releases into Product Releases and supports multi-level nesting. Evidence and findings propagate from components to products automatically, at any scale - including the release velocity of agentic AI teams.

Finding Management System With Scopes
ReARM includes a comprehensive finding management system with support for multiple scopes (organization-wide, product-level, component-level, release-level). It supports all types of findings, including Vulnerabilities, Weaknesses, and License Compliance Violations. Findings are aggregated per release across all evidence supplied to ReARM.

Agentic SBOM Enrichment and Augmentation
ReARM includes Reliza BEAR, an agentic SBOM enrichment and augmentation tool that automatically enriches your SBOMs with additional metadata, including supplier, copyright and license information.

Approval and Lifecycle Management
ReARM Pro provides rich capabilities for managing approvals and lifecycles of your releases. Both manual and automated approvals are supported.

Pricing & Plans
Fixed, predictable rates for any team
ReARM CE
Free
Forever
- FOSS ReARM Community Edition
- Self-Hosted
- Single Organization
- Community support
- All Core SBOM/xBOM Storage & Retrieval Functionality
- Vulnerabilities and Violations via self-managed Dependency-Track Integration
ReARM Pro - Starter
$195
Per Month
- Up to 65GB of storage for compressed artifacts (usually enough to store more than 200,000 SBOMs)
- Priority Support (8 hours response time)
- Managed Dependency-Track
- Multi-Perspective Workflow
- Approvals & Event Workflows
- Marketing Releases
- SBOM Enrichment via BEAR
- Free 60-day trial (a ReARM Pro Starter instance is provided during the trial, subject to Terms of Service). After the trial, you may:
  - continue with a paid ReARM Pro plan;
  - export your data and switch to a self-hosted FOSS ReARM CE instance;
  - or cancel altogether.
ReARM Pro - Standard
$1350
Per Month
- All in ReARM Pro - Starter
- Private VPN / VNet with SSO and unlimited artifact storage, option for on-prem deployment
- Enhanced support (24x7, 4 hours response time)
- Support for Multi-Organization Workflow
- Free 60-day trial (a ReARM Pro Starter instance is provided during the trial, subject to Terms of Service). After the trial, you may:
  - continue with a paid ReARM Pro plan;
  - export your data and switch to a self-hosted FOSS ReARM CE instance;
  - or cancel altogether.
ReARM Pro - Enterprise
$75
per write user per month
- All in ReARM Pro - Standard
- Premium support (24x7, 1 hour response time)
- Option for air-gapped deployment
- Free 60-day trial (a ReARM Pro Starter instance is provided during the trial, subject to Terms of Service). After the trial, you may:
  - continue with a paid ReARM Pro plan;
  - export your data and switch to a self-hosted FOSS ReARM CE instance;
  - or cancel altogether.
