Use case
Compliance Evidence
Generate binary-level SBOMs that satisfy auditors, regulators, and enterprise procurement teams.
The Problem
Auditors need binary-level SBOMs, but current tools only document JavaScript dependencies. They cannot tell you what the compiled binaries inside those dependencies actually do. When your SOC 2 auditor asks for a software bill of materials, the package-lock.json is not enough.
The Solution
BinShield produces CycloneDX 1.5 SBOMs with binary-level component detail, behavior classifications, and risk scores. Every native artifact is inventoried, decompiled, and classified — giving your compliance team the evidence they need.
Regulations Covered
Binary-level compliance for modern frameworks
EU Cyber Resilience Act
Requires machine-readable SBOMs for all products with digital elements sold in the EU. BinShield adds binary-level component detail that source-only tools miss.
SOC 2 Type II
Auditors need evidence that third-party software components are inventoried and risk-assessed. BinShield SBOMs document every native binary and its behavior classification.
ISO 27001:2022
Annex A.8.28 requires secure coding practices including dependency analysis. BinShield extends that analysis to compiled artifacts.
Biden Executive Order 14028
Mandates SBOMs for all software sold to the US federal government. BinShield produces CycloneDX 1.5 output that meets NTIA minimum element requirements — including binaries.
Export an SBOM
One curl command to audit-ready output
# Export a CycloneDX 1.5 SBOM for bcrypt
curl -H "Authorization: Bearer $BINSHIELD_API_KEY" \
  https://api.binshield.dev/packages/npm/bcrypt/versions/6.0.0/sbom
# Response includes binary-level components:
# {
#   "bomFormat": "CycloneDX",
#   "specVersion": "1.5",
#   "components": [
#     {
#       "type": "library",
#       "name": "bcrypt_lib.node",
#       "purl": "pkg:npm/bcrypt@6.0.0#prebuilds/linux-x64/bcrypt_lib.node",
#       "properties": [
#         { "name": "binshield:risk-score", "value": "52" },
#         { "name": "binshield:behaviors", "value": "crypto,filesystem" }
#       ]
#     }
#   ]
# }
Get audit-ready in minutes
Free tier includes SBOM exports for public packages. Pro plans add private packages and scheduled exports.
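
An audit gate that could consume the response shown under "Export an SBOM", as an added example that is not BinShield's own code. The property names come from the sample response on this page; the risk threshold, the behavior allow-list, and the second sample component are assumptions made for illustration.

```python
import json

# Constructed sample modelled on the response shown on this page; the second
# component is invented to exercise the missing-classification case.
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "bcrypt_lib.node",
     "purl": "pkg:npm/bcrypt@6.0.0#prebuilds/linux-x64/bcrypt_lib.node",
     "properties": [
       {"name": "binshield:risk-score", "value": "52"},
       {"name": "binshield:behaviors", "value": "crypto,filesystem"}]},
    {"type": "library", "name": "example_addon.node",
     "purl": "pkg:npm/example-addon@1.0.0#build/Release/example_addon.node"}
  ]
}
""")

def walk(components):
    """Yield every component, including nested ones (CycloneDX allows nesting)."""
    for comp in components or []:
        yield comp
        yield from walk(comp.get("components"))

def review_sbom(sbom, max_risk=50, allowed=frozenset({"crypto"})):
    """Return (component name, reason) findings; thresholds are assumed policy."""
    if sbom.get("bomFormat") != "CycloneDX" or sbom.get("specVersion") != "1.5":
        return [("<document>", "not a CycloneDX 1.5 BOM")]
    findings = []
    for comp in walk(sbom.get("components")):
        props = {p.get("name"): p.get("value") for p in comp.get("properties", [])}
        name = comp.get("name", "<unnamed>")
        score = props.get("binshield:risk-score")
        if score is None or not str(score).isdecimal():
            # Fail closed: an unscored binary is not evidence of a safe one.
            findings.append((name, "missing or non-numeric risk score"))
        elif int(score) > max_risk:
            findings.append((name, f"risk score {score} exceeds {max_risk}"))
        raw = props.get("binshield:behaviors") or ""
        extra = sorted({b.strip() for b in raw.split(",") if b.strip()} - allowed)
        if extra:
            findings.append((name, "behaviors outside allow-list: " + ",".join(extra)))
    return findings

if __name__ == "__main__":
    for name, reason in review_sbom(SAMPLE_SBOM):
        print(f"{name}: {reason}")
```

Storing the returned findings alongside the exported SBOM gives the auditor both the inventory and the decision made on it.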