Your software architecture. Automatically discovered.

HOW IT WORKS

You have to know what you have to protect it.

Apiiro’s extended bill of materials (XBOM) is the industry’s only real-time map of your entire software architecture, automatically discovered—and as easily searchable as Google.

• Get instant and complete visibility into your software and supply chain inventory across all changes, from code to runtime—all through simple API integration with your source code manager and runtime connectors.
• Understand your actual risk exposure so that you can prioritize across repositories and applications based on risk and detect “crown jewels.”
• Automatically detect material change to your code base and application security posture, and trigger security reviews, streamlining compliance and saving developer time.

Apiiro’s XBOM is uniquely enabled through:

Deep Code Analysis (DCA)

Apiiro’s patented deep code analysis (DCA) performs deep, semantic analysis of your code base down to the most atomic level—uncovering every data model, instances of PII in code, and more.

Code-to-Runtime Context

Your software architecture is enriched with runtime context from connectors—providing critical insights into your actual risk exposure (e.g. whether code is deployed, Internet-based, behind a WAF), and enabling you link code in production applications back to the individual developer.

What’s included in Apiiro’s application inventory?

Apiiro’s XBOM maps your software and supply chain inventory inside and out, from the deepest elements of your codebase to the full runtime context.

Application

• Modules
• APIs
• GraphQL Operations
• Protobuf Services
• Languages
• Technologies
• OSS Dependencies
• OSS Licenses
• Serverless
• Storage Bucket

Supply Chain

• Projects
• Repositories
• Source Control Managers
• CI/CD Pipelines
• Pipeline Dependencies
• Artifacts
• Secrets
• Contributors & Teams
• Tracked Issues

Data & Controls

• Authorization
• Authentication
• Encryption
• Session Management
• Key Management
• Data Models
• GraphQL Objects
• Protobuf Messages
• Data Access Objects
• Sensitive Data

Infrastructure

• Infrastructure as Code
• Container Images
• Containers
• Kubernetes Services
• Workloads
• Clusters
• Cloud Providers
• Cloud App Engine
• API Gateways

WHY APIIRO

Only Apiiro understands your software architecture.

You can’t identify, prioritize, remediate, and prevent application risk without understanding your software architecture. Apiiro’s uniquely deep and context-rich inventory gives you the map to help deliver secure code faster.

• Streamline the security review process and ensure continuous compliance based on automatic detection of material changes.
• Prioritize and remediate vulnerabilities through the lens of your full software architecture so you’re focusing on the risks that matter most to your business.
• Embed secure-by-design through the software design process by automatically alerting on risky features before a single line of code is written.

Explorer

Ask and answer any questions about your application and supply chain components, their connections and trains, and their associated risks with Apiiro’s query-based Explorer.

Material Change Detection

Apiiro monitors each and every code change to automatically determine which may introduce material changes or risk to more efficiently trigger security reviews, agile threat models, or other security controls.

Coverage Map

Because Apiiro has visibility across your repositories and security testing tools, we can map your testing coverage to expose gaps and redundancies.