Ion Channel

Software Supply Chain Risk Management

Your Source for Software Supply Chain Security

Software supply chains are a blind spot for many organizations: weaknesses can come from any component in your software supply chain, and threat actors know this.


Ion Channel brings a holistic view of software risk to:

  • Uncover Minimize surprise from open source software components and reject fragile code with dubious pedigree and provenance.
  • Illuminate unacceptable supply chain attack surface and concentration risk.
  • Analyze and prioritize leading risk indicators in a Software Bill of Materials (SBOMs).
  • Generate, analyze and monitor SBOMs if all you have is legacy FLOSS lists or spreadsheets from assurance packages.
  • Get authoritative software names and identities from inventories with incorrect or incomplete data, or low quality SBOMs with minimal (or sub-minimal) data.
  • Understand when vulnerability remediation would require overwhelming resource commitment.
  • Understand which vendors are likely unable to remediate known vulnerabilities in their product, and which vendors are well-positioned to update and secure their products in a timely fashion.

How it Works

The 1Exiger platform continuously ingests software supply chain data to identify where software dependencies show:

  • Changes to open source components, maintenance and compliance history.
  • Leading indicators of risk in the absence of known vulnerabilities.
  • Supplier risks that software scanners don’t detect, like change-of-control.


As software is delivered by vendors, contractors or in-house developers, our secure platform:

  • Ingests and builds a SBOM.
  • Analyzes all transitive dependencies, maps supplier risk metrics, automates pass/fail security rules.
  • Maintains continuous monitoring on all components and SBOMs.
  • Provides scheduled and event-driven updates in assurance data to trigger contractual and security workflows.
  • Differentiates security-aware and security-responsive suppliers based on vulnerabilities, cyber hygiene, technical debt, supply chain fragility and mean-time-to-remediation.
  • Automates gating functions based on risk criteria to verify and enforce customer terms and conditions and safeguard software.