Reliza and ShiftLeftCyber Announce SecureSBOM Signing Integration into ReARM Platform

2025-12-15

Ottawa, Ontario, Canada, 2025-12-15 - Reliza, the Canadian creator of the ReARM Software and Hardware Release-Level Supply Chain Evidence Platform, and ShiftLeftCyber, a Canadian innovator in SBOM authenticity and integrity solutions, today announced a new integration that enables seamless use of SecureSBOM signing inside Reliza's ReARM platform.

With this integration, ReARM can now ingest SecureSBOM-signed BOMs or detached signatures. Further, ReARM provides storage for SecureSBOM public key IDs or original public keys used for offline verification. This allows organizations to verify authenticity, detect tampering, and maintain chain-of-custody for Bills of Materials across their supply chains. In addition, SecureSBOM signing is now fully integrated into ReARM's standard GitHub Actions workflow, giving Development, DevOps, and DevSecOps teams an intuitive, automated way to sign BOMs at build time with minimal additional configuration.

This collaboration strengthens Canada's leadership in software supply chain security by combining ReARM's advanced SBOM/xBOM management with SecureSBOM's cryptographically verifiable signing framework. Reliza and ShiftLeftCyber, both proudly Canadian companies, are demonstrating that the next generation of supply chain security solutions can be built locally while operating at global scale. By combining Reliza's end-to-end visibility with SecureSBOM's tamper-evident signing, organizations gain a more trustworthy, compliant, and interoperable SBOM workflow.

Pavel Shukhman, CEO of Reliza: "This integration with ShiftLeftCyber aligns perfectly with our mission to bring reliability, authenticity, and automation to supply chain management. SecureSBOM signing enhances the trust developers, security teams, and auditors can place in ReARM-managed SBOMs."

Jason Smith, CEO of ShiftLeftCyber: "By integrating SecureSBOM signing directly into ReARM, we're making secure software provenance both accessible and automated. We believe that SBOM signing is a logical next step in the evolution of supply chain security."

The integration is available today for both ReARM Community Edition and ReARM Pro. Developers using ReARM's official GitHub Actions automatically gain access to SecureSBOM signing options.

Read the full announcement at rearmhq.com.

For more information, contact Olga Lev at pr@reliza.io.
