NetRise Launches Partner-Led Federal Security Service

NetRise Launches Partner-Led Federal Security Service

NetRise launches a partner-led software supply chain risk management offering to help federal agencies improve software visibility and risk assessment.

Jul 1, 2026
4 minute read
Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

NetRise is bringing a managed software supply chain risk management offering to the federal market through a partner-led model, giving federal integrators and managed service providers a new way to help agencies evaluate software risk beyond vendor questionnaires, attestations, and traditional software bills of materials.

NetRise targets federal software supply chain visibility

The offering is designed for federal agencies under growing pressure to make software supply chain risk management more operational across acquisition, authorization, continuous monitoring, and incident response workflows.

NetRise begins its analysis with the binary, creating an independent software asset inventory spanning firmware, operating systems, containers, and applications. That approach is intended to validate what is actually executing in an environment, rather than relying only on vendor-supplied SBOMs or source-based tools.

“At a technical level, the offering gives federal agencies independent software evidence — moving them from vendor declarations, source-derived SBOMs, and questionnaires to verified reality about what is actually in the software they build, buy, and run,” NetRise CEO Tom Pace told Channel Insider.

Provenance data adds context for partners and agencies

NetRise Provenance adds context to the binary-derived inventory by mapping software components to canonical repositories, contributors, maintainers, organizations, and regions. 

The company said the capability can also surface repository health signals and dependency blast radius, helping agencies and partners assess how far the impact of a compromised open-source component could spread.

For federal partners, the offering is positioned to support several operational workflows, including vendor onboarding, Risk Management Framework and Authority to Operate activities, continuous monitoring, and software supply chain incident scoping.

“What stood out to us about NetRise is its ability to independently analyze the compiled software and pair that with rich provenance intelligence,” Sarn Gabriel Bien-Aime, Asc3nd Technologies Group’s CEO, told Channel Insider. “Many organizations rely solely on vendor documentation or software bills of materials, which don’t necessarily provide a complete picture of what is actually running in production.”

Bien-Aime said Asc3nd has built its federal practice around closing visibility gaps for agencies, and that NetRise gives customers the evidence and intelligence needed to move from “compliance theater to real, scalable risk management.”

“By combining binary-derived evidence with software provenance, we’re able to help customers validate what they’ve received, better understand where software components originate, assess potential downstream impacts, and prioritize risk with greater confidence.”

Advertisement

Asc3nd joins as strategic launch partner

Asc3nd Technologies Group will serve as one of the first partners bringing the managed capability to the federal market. 

The company’s role highlights the channel opportunity in software supply chain risk management, as agencies seek help implementing and operating these capabilities in complex federal environments.

“This partnership allows us to bring together NetRise’s deep software supply chain intelligence with ASC3ND’s experience helping federal agencies operationalize cybersecurity capabilities inside complex environments. Together, we’re helping federal organizations make software trust a measurable, operational capability,” Bien-Aime said.

“Being selected as the strategic launch partner reflects a shared vision, not simply to deploy another security tool, but to help agencies build a more sustainable approach to managing software supply chain risk. We believe that’s where the market is heading, and we’re excited to help lead that transition,” he continued.

Why NetRise built a partner-led model

Pace said the partner-led model is intended to provide agencies with access to binary-derived evidence and provenance intelligence through trusted federal service providers.

“Federal agencies often face a gap between discovering software supply chain vulnerabilities and having the bandwidth to remediate them. Our partners bridge this gap by embedding NetRise’s continuous telemetry and deep binary analysis directly into their existing managed security services, SOC workflows, and risk advisory programs,” Pace said. 

“By wrapping their elite engineering and consulting expertise around our automated platform findings, partners don’t just hand agencies a list of compliance issues—they deliver the operational roadmap, prioritization, and hands-on guidance necessary to actively harden federal systems and accelerate mission resilience,” he continued.

Advertisement

Why this matters for other federal channel partners

The launch comes as software supply chain security continues to move from a compliance concern to an operational risk issue for federal agencies and the partners that support them. 

For federal integrators and managed service providers, NetRise’s offering creates a managed service opportunity around a problem many agencies are still trying to operationalize: knowing what software is present, where it came from, who maintains it, and how risk can spread through dependencies.

Pace said recent software supply chain incidents show that agencies cannot focus only on development-time controls. Instead, he said they also need visibility into software already running in production.

What ties all of this together is a single dependency: each mandate requires an accurate, evidence-based account of what’s truly inside the software agencies run — not what a vendor declared or a questionnaire captured,” said Pace. “That matters because as much as 80% of a modern application is open-source code that no agency wrote or maintains — and that externally-sourced code, outside government control, is exactly where attackers concentrate their efforts.”

Victoria Durgin

Victoria Durgin is a communications professional with several years of experience crafting corporate messaging and brand storytelling in IT channels and cloud marketplaces. She has also driven insightful thought leadership content on industry trends. Now, she oversees the editorial strategy for Channel Insider, focusing on bringing the channel audience the news and analysis they need to run their businesses worldwide.

Channel Insider Logo

Channel Insider combines news and technology recommendations to keep channel partners, value-added resellers, IT solution providers, MSPs, and SaaS providers informed on the changing IT landscape. These resources provide product comparisons, in-depth analysis of vendors, and interviews with subject matter experts to provide vendors with critical information for their operations.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.