Heimdall SBOM

Enterprise-Grade SBOM and Supply Chain Risk Management for C/C++ & Ada

Generate a comprehensive Software Bill of Materials (SBOM) and implement supply chain risk management (SCRM) with compile-time precision, using GCC and Clang plugins, advanced binary analysis, DWARF debug extraction, and support for IoT and embedded systems. Meet NTIA, CISA, Army Directive 2024-02, OMB M-22-18, Executive Order 14028, and FDA Section 524b cybersecurity compliance requirements.

546+ Tests Passing
6 SBOM Formats
5 C++ Standards

Why Choose Heimdall for Your Security-Critical Applications?

🛡️ Government Compliance Ready

Meet NTIA minimum elements, CISA guidelines, Army Directive 2024-02, OMB M-22-18, Executive Order 14028, and FDA Section 524b requirements with comprehensive SBOM generation.

Embedded Cybersecurity Ready

Cross-compilation support, static analysis, and minimal overhead for resource-constrained embedded applications and IoT devices.

⚙️ Compile-Time Precision

GCC and Clang compiler plugins capture dependency information during compilation for enhanced accuracy and richer SBOM generation with precise source-level metadata.

🔍 Deep Binary Analysis

DWARF debug information extraction, ELF/Mach-O parsing, and comprehensive component dependency mapping.

📋 Multi-Standard Compliance

SPDX 2.3/3.0/3.0.1 and CycloneDX 1.4/1.5/1.6 support exceeding NTIA minimum elements and meeting federal regulatory requirements across defense, healthcare, and critical infrastructure sectors.

Comprehensive SBOM Generation & Validation

Seamless Build Integration

Native CMake module with GCC and Clang compile-time plugins for enhanced accuracy, plus LLVM LLD and GNU Gold linker plugins for zero-friction integration into existing C/C++ and Ada build pipelines.

  • GCC/Clang Compile-time Plugins
  • CMake Integration
  • LLD & Gold Linker Plugins
  • CI/CD Ready

Advanced SBOM Generation

Generate detailed SBOMs with compile-time source analysis, version detection, license compliance, package manager integration, and cryptographic signatures.

  • Compile-time Source Analysis
  • Version Detection
  • License Compliance
  • Digital Signatures

Deep Binary Analysis

Extract comprehensive metadata from ELF, Mach-O, and PE binaries with DWARF debug information and symbol analysis.

  • DWARF Extraction
  • Symbol Analysis
  • Multi-Format Support

Rigorous SBOM Validation

Validate SBOM compliance with industry standards, verify digital signatures, and ensure data integrity across your cybersecurity supply chain for comprehensive supply chain risk management (SCRM).

  • Schema Validation
  • Signature Verification
  • Compliance Checking

Comprehensive Language & Platform Support

Languages & Standards

⚙️ C/C++ (C++11 through C++23)
🅰️ Ada with GNAT toolchain
🔧 Cross-compilation targets
📦 Static & dynamic libraries

Operating Systems

🐧 Linux (Ubuntu, RHEL, Debian, Arch)
🍎 macOS (ARM64 & x86_64)
🎯 Embedded Linux cybersecurity
Real-time operating systems

Build Systems

🔧 GCC compile-time plugin
⚙️ Clang compile-time plugin
🏗️ CMake with native module
LLVM LLD linker integration
🔗 GNU Gold linker plugin
🚀 CI/CD pipeline integration

Perfect for Security-Critical Applications

🛡️ DoD Defense & Aerospace

Meet Department of Defense (DoD) Army Directive 2024-02, CISA guidelines, NIST cybersecurity framework, and Executive Order 14028 requirements with comprehensive supply chain visibility, digital signatures, and vulnerability tracking for mission-critical defense systems.

🏭 Industrial IoT Cybersecurity

Secure embedded systems and industrial control software with lightweight SBOM generation and embedded cybersecurity solutions optimized for resource-constrained IoT environments.

🚗 Automotive

Ensure compliance with automotive cybersecurity standards (ISO/SAE 21434) through comprehensive component tracking and vulnerability management.

🏥 Medical Devices

Meet FDA Section 524b requirements of the Federal Food, Drug, and Cosmetic Act with detailed software composition analysis and regulatory-compliant SBOM documentation for medical device cybersecurity.

💰 Financial Services

Meet OMB M-22-18 memorandum requirements and Executive Order 14028 mandates with comprehensive software inventory, cybersecurity supply chain risk management (SCRM), and C-SCRM practices for critical financial infrastructure.

☁️ Cloud Infrastructure

Secure containerized applications and microservices with automated SBOM generation for complex distributed systems.

Powerful Command-Line Tools

heimdall-sbom

Generator

Advanced SBOM generation with compile-time source analysis, comprehensive binary analysis, debug information extraction, and multi-format output support.

heimdall-sbom plugin.so binary --format spdx --debug-info --output app.spdx
  • ✓ GCC/Clang compile-time analysis
  • ✓ Multiple output formats (SPDX, CycloneDX)
  • ✓ DWARF debug information extraction
  • ✓ Digital signature generation
  • ✓ Package manager integration

heimdall-validate

Validator

Comprehensive SBOM validation with schema compliance checking, signature verification, and detailed reporting capabilities.

heimdall-validate --format spdx --input app.spdx --verify-signatures --report validation.json
  • ✓ Schema compliance validation
  • ✓ Digital signature verification
  • ✓ Custom validation rules
  • ✓ Detailed compliance reporting

GCC Compile-Time Plugin

Compiler Plugin

Integrate directly with GCC compilation for precise source-level dependency tracking and enhanced SBOM accuracy during build time.

gcc -fplugin=heimdall_plugin.so -fplugin-arg-heimdall_plugin-output=sbom.json main.c -o myapp
  • ✓ Source-level dependency analysis
  • ✓ Real-time compilation integration
  • ✓ Enhanced metadata capture
  • ✓ Cross-compilation support

Clang Compile-Time Plugin

Compiler Plugin

Leverage Clang's advanced AST analysis capabilities for comprehensive compile-time SBOM generation with detailed source information.

clang -fplugin=heimdall_clang_plugin.so -Xclang -plugin-arg-heimdall -Xclang output=sbom.json main.c -o myapp
  • ✓ AST-based source analysis
  • ✓ Advanced static analysis
  • ✓ LLVM toolchain integration
  • ✓ Modern C++ feature support

LLD Link-Time Plugin

Linker Plugin

Integrate with LLVM's LLD linker for comprehensive link-time analysis, capturing final binary composition and dependency resolution.

clang -fuse-ld=lld -Wl,--plugin-opt=-load=heimdall_lld_plugin.so -Wl,--plugin-opt=-sbom-output=app.json main.c -o myapp
  • ✓ Link-time dependency resolution
  • ✓ Final binary composition analysis
  • ✓ LLVM LLD integration
  • ✓ Optimized binary insights

Get Started in Minutes

1. Install Dependencies

Run our automated setup script to install all required dependencies for your platform.

sudo ./scripts/setup.sh --auto-detect

2. Build Heimdall

Build with your preferred C++ standard and compiler configuration.

./scripts/build.sh --standard 17 --compiler gcc --tests

3. Generate Your First SBOM

Create a comprehensive SBOM for your C/C++ or Ada application.

heimdall-sbom plugin.so myapp --format spdx --output myapp.spdx

Built for Enterprise Cybersecurity and Supply Chain Risk Management

🔒 Regulatory Compliance

Exceed NTIA minimum elements and meet federal requirements including Army Directive 2024-02, OMB M-22-18, Executive Order 14028, and FDA Section 524b with cryptographic validation and digital signatures.

📊 Comprehensive Testing

546+ automated tests across 30 test suites with 44.4% code coverage ensuring reliability in production environments.

🏆 Open Source

Fully transparent, Apache 2.0 licensed with active community development and security-focused code reviews.

⚡ Performance Optimized

Minimal runtime overhead with parallel processing and optimized binary analysis for large-scale enterprise applications.