New offering helps federal agencies operationalize software supply chain risk management with binary-derived evidence and provenance context for a more complete view of software risk
NetRise announced a partner-led managed software supply chain risk management offering for the federal market. Delivered through trusted federal integrators and managed service providers, the offering enables partners to combine NetRise’s independent binary analysis of compiled artifacts with NetRise Provenance, which adds software supply chain context, including how far a software supply chain compromise reaches. The combination is intended to help agencies better assess and address software risk across the products, dependencies and vendors they rely on. NetRise is working with Asc3nd Technologies Group as a strategic launch partner for this program.
“Federal agencies are being asked to make software supply chain risk management operational, not just aspirational,” said Thomas Pace, co-founder and CEO of NetRise. “That requires more than questionnaires, attestations or isolated tools. By enabling trusted partners with binary-derived evidence of what is actually in software, along with provenance intelligence that helps explain who is behind it and how far risk can spread, NetRise is helping agencies turn software risk into something they can assess, prioritize and act on at scale.”
The offering is designed to help partners deliver software supply chain risk management as an operational capability across acquisition, authorization, continuous monitoring and incident response. Three recent federal actions bear directly on this work.
- CISA Binding Operational Directive 26-04, Prioritizing Security Updates Based on Risk (June 10, 2026), requires federal civilian agencies to prioritize remediation by asset exposure and known exploited vulnerability status, which is only as accurate as an agency’s understanding of the software actually running on each asset.
- The AI executive order, Promoting Advanced Artificial Intelligence Innovation and Security (June 2, 2026), responds to AI compressing the time between vulnerability disclosure and exploitation, raising the premium on fast and accurate software inventory.
- The post-quantum cryptography executive order, Securing the Nation Against Advanced Cryptographic Attacks (June 22, 2026), sets 2030 and 2031 migration deadlines and directs CISA and NIST to define a cryptographic bill of materials, which depends on visibility into the cryptographic algorithms embedded in deployed software and firmware.
NetRise starts from the binary to create an independent, full-stack software asset inventory across firmware, operating systems, containers and applications. NetRise Provenance adds a complementary layer of software supply chain context by mapping components to canonical repositories, contributors, maintainers, organizations and regions, while surfacing repository health signals and dependency blast radius – the extent of downstream impact when an open-source component is compromised – to help teams make better third-party risk, procurement and incident response decisions. Together, these capabilities help partners support federal agencies in several important ways:
- Validate vendor-provided SBOMs against compiled artifacts and build a binary-derived inventory of the software that actually executes, giving agencies the asset-level software context that BOD 26-04 prioritization depends on
- Enrich that inventory with provenance context, including software origin, contributor and maintainer signals, repository health and dependency blast radius
- Identify the cryptographic algorithms and libraries present in compiled software and firmware, supporting the cryptographic inventory and bill-of-materials work the post-quantum executive order requires
- Support federal workflows spanning vendor onboarding, RMF and ATO activities, continuous monitoring and faster scoping of software supply chain incidents, at the speed AI-accelerated exploitation timelines now demand
“Federal agencies can’t manage what they can’t see — and the teams we support don’t just need better tools, they sometimes need a trusted partner who can operationalize those capabilities inside their environments,” said Sarn Gabriel Bien-Aime, Founder & CEO, Asc3nd Technologies Group. “Asc3nd has built our federal practice around closing that visibility gap, and NetRise gives our customers the binary-derived evidence and provenance intelligence to move from compliance theater to real, scalable risk management. We’re proud to be the first partner bringing this vision to the federal market. Now, as integrated with our AI ARES platform we are more ready than ever to uncover risk and vulnerability across Federal environments that they never would have surfaced without this suite of capabilities.”
“Recent software supply chain incidents have made one thing clear: As attackers shift left and move further upstream, agencies and their partners cannot focus only on development-time controls,” said Pace. “They also need to shift right and gain visibility into the software that is already running in production. When you combine binary analysis of what you actually build, buy and deploy with provenance intelligence about who is behind that software and how risk can spread, you can make better third-party risk decisions, respond faster and build more resilient federal systems.”













