NetRise is bringing a managed software supply chain risk management offering to the federal market through a partner-led model, giving federal integrators and managed service providers a new way to help agencies evaluate software risk beyond vendor questionnaires, attestations, and traditional software bills of materials.
NetRise targets federal software supply chain visibility
The offering is designed for federal agencies under growing pressure to make software supply chain risk management more operational across acquisition, authorization, continuous monitoring, and incident response workflows.
NetRise begins its analysis with the binary, creating an independent software asset inventory spanning firmware, operating systems, containers, and applications. That approach is intended to validate what is actually executing in an environment, rather than relying only on vendor-supplied SBOMs or source-based tools.
“At a technical level, the offering gives federal agencies independent software evidence — moving them from vendor declarations, source-derived SBOMs, and questionnaires to verified reality about what is actually in the software they build, buy, and run,” NetRise CEO Tom Pace told Channel Insider.
Provenance data adds context for partners and agencies
NetRise Provenance adds context to the binary-derived inventory by mapping software components to canonical repositories, contributors, maintainers, organizations, and regions.
The company said the capability can also surface repository health signals and dependency blast radius, helping agencies and partners assess how far the impact of a compromised open-source component could spread.
For federal partners, the offering is positioned to support several operational workflows, including vendor onboarding, Risk Management Framework and Authority to Operate activities, continuous monitoring, and software supply chain incident scoping.
“What stood out to us about NetRise is its ability to independently analyze the compiled software and pair that with rich provenance intelligence,” Sarn Gabriel Bien-Aime, Asc3nd Technologies Group’s CEO, told Channel Insider. “Many organizations rely solely on vendor documentation or software bills of materials, which don’t necessarily provide a complete picture of what is actually running in production.”
Bien-Aime said Asc3nd has built its federal practice around closing visibility gaps for agencies, and that NetRise gives customers the evidence and intelligence needed to move from “compliance theater to real, scalable risk management.”
“By combining binary-derived evidence with software provenance, we’re able to help customers validate what they’ve received, better understand where software components originate, assess potential downstream impacts, and prioritize risk with greater confidence.”
Asc3nd joins as strategic launch partner
Asc3nd Technologies Group will serve as one of the first partners bringing the managed capability to the federal market.
The company’s role highlights the channel opportunity in software supply chain risk management, as agencies seek help implementing and operating these capabilities in complex federal environments.
“This partnership allows us to bring together NetRise’s deep software supply chain intelligence with ASC3ND’s experience helping federal agencies operationalize cybersecurity capabilities inside complex environments. Together, we’re helping federal organizations make software trust a measurable, operational capability,” Bien-Aime said.
“Being selected as the strategic launch partner reflects a shared vision, not simply to deploy another security tool, but to help agencies build a more sustainable approach to managing software supply chain risk. We believe that’s where the market is heading, and we’re excited to help lead that transition,” he continued.
Why NetRise built a partner-led model
Pace said the partner-led model is intended to provide agencies with access to binary-derived evidence and provenance intelligence through trusted federal service providers.
“Federal agencies often face a gap between discovering software supply chain vulnerabilities and having the bandwidth to remediate them. Our partners bridge this gap by embedding NetRise’s continuous telemetry and deep binary analysis directly into their existing managed security services, SOC workflows, and risk advisory programs,” Pace said.
“By wrapping their elite engineering and consulting expertise around our automated platform findings, partners don’t just hand agencies a list of compliance issues—they deliver the operational roadmap, prioritization, and hands-on guidance necessary to actively harden federal systems and accelerate mission resilience,” he continued.
Why this matters for other federal channel partners
The launch comes as software supply chain security continues to move from a compliance concern to an operational risk issue for federal agencies and the partners that support them.
For federal integrators and managed service providers, NetRise’s offering creates a managed service opportunity around a problem many agencies are still trying to operationalize: knowing what software is present, where it came from, who maintains it, and how risk can spread through dependencies.
Pace said recent software supply chain incidents show that agencies cannot focus only on development-time controls. He said they also need visibility into software already running in production.
“What ties all of this together is a single dependency: each mandate requires an accurate, evidence-based account of what’s truly inside the software agencies run — not what a vendor declared or a questionnaire captured,” said Pace. “That matters because as much as 80% of a modern application is open-source code that no agency wrote or maintains — and that externally-sourced code, outside government control, is exactly where attackers concentrate their efforts.”





