Release Notes Log
Manifest's release notes provide updates about the newest functionality avaialble to our users. For any questions, each out to Mike McDonel at [email protected] for support.
October 9, 2025
Manifest is rolling out Expanded License Coverage, Customizable License Approval Statuses, and Policies.
We’ve significantly upgraded our license management capabilities to help your teams stay ahead of compliance and policy risks. You now have access to a more robust license detection capability and also have the ability to define custom policies that align with your organization’s needs.
Why these changes matter: 14× more license coverage: We’ve integrated with an industry-standard Open Source license database, expanding license detection coverage to over 2,000 licenses.
Customizable alert statuses: Easily classify licenses as Approved, Review, or Forbidden based on your organization’s compliance policies. Manifest has provided default statuses for all licenses.
License data export: Manifest lets you export a comprehensive license CSV that includes each license and its associated alert status, for any product. This enables seamless sharing of compliance evidence across legal and security workflows.
**Organization-wide policies: **Create org-level policies that automatically email the right people when a newly uploaded SBOM violates your vulnerability or license thresholds (e.g., CVSS, CISA KEV, license status/type).
Admins can configure policies under Settings → Organization → Policies — ensuring your organization stays informed and compliant with every SBOM upload.
Note: Policy and license status changes apply to SBOMs uploaded after updates are made.
August 12, 2025
Manifest now allows customers to upload first and third-party AIBOMs, enabling centralized visibility and streamlined risk assessments alongside existing SBOMs. Additionally, the new Models tab on the Asset page highlights instances where AI models are detected within traditional SBOMs, providing deeper insights into AI components across your software supply chain.
How it works
Step 1: Head to the Uploads page at https://app.manifestcyber.com/
Step 2: Upload AIBOMs the same way you upload any SBOM
Step 3: Once uploaded, click on the resulting uploaded asset
Step 4: See the list of detected models on the ‘AI models’ tab
Alongside this release, we have announced Manifest AI Risk, our newest product module. AI Risk continuously monitors both open-source and custom models to enable AI governance policy enforcement, risk reduction, and ensure responsible AI development. See a screenshot below of the model analysis enabled with Manifest AI Risk.
August 11, 2025
As announced in Q2, we’re excited to transition from organization-level tokens to user-level tokens this quarter! User-level tokens add more granularity and result in better security for critical integrations and API driven workflows.
What’s changing?
Starting now, users will no longer be able to create new organization-level tokens.
Existing organization-level tokens will continue to work until they expire.
Once your last organization-level token expires, this feature will be fully deprecated.
What do you need to do?
Begin creating and using user-level tokens for all new integrations.
Step 1. Go to Settings -> Account -> API Tokens
Step 2: Click ‘Create new token’
Step 3: Enter the required details and select the minimum scopes needed for the token you are creating
Review your current tokens and plan to migrate any workflows that rely on organization-level tokens before they expire.
Why this change?
User-level tokens are generally better security practice, provide better traceability, and easier management.
Updated 22 days ago