About Reliza

Who We Are

Reliza is a Canadian software supply chain security company headquartered in Ottawa, Ontario. We build tooling that gives teams across the organization - both technical and non-technical - a shared worldview of their software supply chain.

Founded in 2019, Reliza has grown from a DevOps automation company into a focused software supply chain security platform provider. We are proud members of the Canadian cybersecurity ecosystem, supported by Invest Ottawa and Rogers Cybersecure Catalyst.

What We Do

Modern software is built on layers of open-source components, third-party dependencies, and complex CI/CD pipelines. Regulatory requirements such as the EU Cyber Resilience Act and US Executive Orders 14028 and 14144 demand that organizations know exactly what is in their software at every release - and prove it.

Reliza makes this possible. Our flagship product, ReARM, is a Release-Level Supply Chain Evidence Platform that collects, stores for 10+ years, versions, and traces all digital artifacts required to prove the integrity, safety, and compliance of software, firmware, and hardware throughout their lifecycle. This includes SBOMs, HBOMs, VEX, VDR, SARIF, attestations, build metadata, and more.

Beyond ReARM, we contribute to the open-source community through tools like Oolong, a lightweight OWASP Transparency Exchange API implementation, and BEAR, an agentic SBOM enrichment and augmentation tool.

Our Philosophy

We believe that security and compliance tooling should not be the exclusive domain of security engineers. When a CISO, a product manager, and a developer all look at the same release, they should see the same picture - a complete, accurate, and up-to-date view of what was shipped, what it contains, and whether it is safe.

This shared worldview is what Reliza tooling is designed to create. We bridge the gap between compliance requirements and engineering realities, making supply chain transparency automatic, continuous, and accessible to everyone.

Community Involvement

Reliza is an active contributor to the open-source and standards community. We participate in multiple OWASP and OpenSSF working groups, most notably in the OWASP Transparency Exchange API working group. We have also spoken at leading security conferences including SecTor, OWASP Global AppSec, Open Source SecurityCon, and BSides Toronto.

We believe that open standards and open tooling are essential for a trustworthy software supply chain ecosystem - and we invest our time and resources accordingly.

Want to learn more?

Reach out to the Reliza team - we would love to talk about how we can help your organization.