Binary Files
Generate SBOMs from compiled binaries, executables, and mobile apps
Binary Files Integration
Generate Software Bills of Materials from compiled binaries without access to source code. Safeguard.sh analyzes executables, libraries, and mobile applications to identify embedded dependencies.
Overview
Binary analysis is useful when:
- Source code is not available
- Analyzing third-party software
- Verifying shipped binaries match source
- Scanning mobile applications
- Auditing legacy software
Supported Binary Types
| File Type | Extensions | Description |
|---|---|---|
| Windows Executable | .exe | Windows applications |
| Windows Installer | .msi | Windows installer packages |
| Windows Library | .dll | Windows dynamic-link libraries |
| Android Package | .apk | Android applications |
| Android Bundle | .aab | Android App Bundles |
| iOS Application | .ipa | iOS applications |
| Java Archive | .jar, .war, .ear | Java applications and libraries |
| Linux Executable | ELF | Linux binaries |
| macOS Application | .app, .dmg | macOS applications |
Upload Process
Step 1: Navigate to Integrations
- Go to the Integrations page
- Click Connect on the Binary Upload card
Step 2: Enter Project Details
| Field | Description |
|---|---|
| Project Name | Name for this binary analysis |
| Version | Version identifier (e.g., 1.0.0) |
| Description | Optional description |
Step 3: Upload Binary
- Drag and drop your binary file, or click Browse to select
- Supported file size: Up to 2GB
- Wait for upload to complete
Step 4: Review and Submit
- Review the file details
- Click Upload Binary
- You'll be redirected to the Projects page
Analysis Process
After upload, Safeguard.sh performs:
- File Extraction - Unpacks archives and installers
- Dependency Detection - Identifies embedded libraries
- Version Identification - Determines component versions
- Vulnerability Mapping - Matches components to CVE database
- License Detection - Identifies embedded license information
Processing time varies:
- Small binaries (< 50MB): 2-5 minutes
- Medium binaries (50-500MB): 5-15 minutes
- Large binaries (> 500MB): 15-60 minutes
Windows Executables
Supported Formats
- PE (Portable Executable) - .exe, .dll
- MSI - Windows Installer packages
- .NET assemblies - Managed code applications
What's Detected
- Embedded DLLs and libraries
- .NET NuGet packages
- Native dependencies
- Manifest information
- Digital signatures
Example Upload
```
myapplication.exe (45 MB)
├── embedded: sqlite3.dll (3.39.0)
├── embedded: libcurl.dll (7.84.0)
├── .NET: Newtonsoft.Json (13.0.1)
├── .NET: System.Text.Json (6.0.0)
└── ...
```
Android Applications (APK/AAB)
Supported Formats
- APK - Android Package files
- AAB - Android App Bundles
What's Detected
- Java/Kotlin dependencies
- Native libraries (.so files)
- Gradle dependencies
- Third-party SDKs
- Manifest permissions
Example Upload
```
myapp.apk (85 MB)
├── Java: com.google.firebase:firebase-core (21.1.0)
├── Java: androidx.appcompat:appcompat (1.5.1)
├── Native: libsqlite.so
├── Native: libcrypto.so (OpenSSL 1.1.1)
└── ...
```
iOS Applications (IPA)
Supported Formats
- IPA - iOS Application Archive
What's Detected
- CocoaPods dependencies
- Swift Package Manager dependencies
- Embedded frameworks
- System frameworks usage
Example Upload
```
myapp.ipa (120 MB)
├── Pod: Alamofire (5.6.4)
├── Pod: Firebase/Core (9.6.0)
├── Framework: WebKit
├── Framework: CoreData
└── ...
```
Java Archives (JAR/WAR/EAR)
Supported Formats
- JAR - Java Archive
- WAR - Web Application Archive
- EAR - Enterprise Archive
What's Detected
- Maven/Gradle dependencies
- Embedded JARs
- MANIFEST.MF information
- License files
Example Upload
```
myapp.war (200 MB)
├── JAR: spring-boot-starter-web (2.7.5)
├── JAR: jackson-databind (2.13.4)
├── JAR: logback-classic (1.2.11)
├── JAR: hibernate-core (5.6.12)
└── ...
```
CLI Upload
Upload binaries using the CLI:
```bash
# Upload a binary file
safeguard binary upload --file myapp.exe --name "My Application" --version "1.0.0"

# Upload with project assignment
safeguard binary upload --file myapp.apk --name "Mobile App" --version "2.0.0" --org my-org

# Check upload status
safeguard project status --name "My Application" --version "1.0.0"
```
API Upload
Upload via REST API:
```bash
# Get upload URL
curl -X POST https://api.safeguard.sh/v1/binary/upload-url \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"filename": "myapp.exe", "name": "My Application", "version": "1.0.0"}'

# Upload file to returned URL
curl -X PUT "$UPLOAD_URL" \
  -H "Content-Type: application/octet-stream" \
  --data-binary @myapp.exe
```
Best Practices
Before Upload
- Verify file integrity - Ensure file is complete and not corrupted
- Use release builds - Debug builds may have different dependencies
- Document version - Use accurate version information
- Check file size - Large files take longer to analyze
Organization
- Consistent naming - Use consistent project naming conventions
- Version tracking - Upload each release version separately
- Document source - Note where binaries came from
Security
- Trusted sources - Only upload binaries from trusted sources
- Malware scan - Scan binaries for malware before upload
- Access control - Limit who can upload binaries
Limitations
- Obfuscated code - Heavily obfuscated binaries may have incomplete results
- Custom compression - Non-standard compression may not be supported
- Encrypted content - Encrypted sections cannot be analyzed
- Very old formats - Legacy formats may have limited support
Troubleshooting
"Unsupported file format"
- Verify file extension matches content
- Check file is not corrupted
- Try re-downloading the binary
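A pre-upload check for "Verify file integrity" under Best Practices and "Verify file extension matches content" above, as an added example that is not Safeguard.sh code: it classifies a file by magic bytes and archive layout, compares the result with the extension, and records a SHA-256. The function names, format labels, and the treatment of extension-less files as ELF are assumptions of this example; .app and .dmg are not covered.

```python
import hashlib
import os
import zipfile

MAX_UPLOAD_BYTES = 2 * 1024**3  # page says "Up to 2GB"; binary GB is an assumption
# Extension -> expected content type, following the Supported Binary Types table.
# Treating "no extension" as ELF is an assumption made for this example.
EXPECTED = {".exe": "pe", ".dll": "pe", ".msi": "ole-cfb", ".apk": "apk",
            ".aab": "aab", ".ipa": "ipa", ".jar": "java-archive",
            ".war": "java-archive", ".ear": "java-archive", "": "elf"}

def sniff_format(path):
    """Classify a file by its content, ignoring its name."""
    with open(path, "rb") as fh:
        head = fh.read(64)
        if head[:4] == b"\x7fELF":
            return "elf"
        if head[:8] == b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1":
            return "ole-cfb"  # MSI packages are OLE compound files
        if head[:2] == b"MZ" and len(head) == 64:
            fh.seek(int.from_bytes(head[60:64], "little"))  # e_lfanew
            if fh.read(4) == b"PE\0\0":
                return "pe"
    # False when the end-of-central-directory record is missing (truncated file).
    if not zipfile.is_zipfile(path):
        return "unknown"
    with zipfile.ZipFile(path) as zf:
        names = zf.namelist()
    # Order matters: v1-signed APKs also carry META-INF/MANIFEST.MF.
    if "AndroidManifest.xml" in names:
        return "apk"
    if "BundleConfig.pb" in names:
        return "aab"
    if any(n.startswith("Payload/") and ".app/" in n for n in names):
        return "ipa"
    return "java-archive" if "META-INF/MANIFEST.MF" in names else "zip"

def preflight(path):
    """Return (ok, report) for a file about to be uploaded."""
    size, found = os.path.getsize(path), sniff_format(path)
    ext = os.path.splitext(path)[1].lower()
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    problems = []
    if size == 0 or size > MAX_UPLOAD_BYTES:
        problems.append(f"size {size} outside 1 byte..2GB")
    if ext not in EXPECTED:
        problems.append(f"extension {ext!r} not checked by this example")
    elif EXPECTED[ext] != found:
        problems.append(f"{ext or 'no extension'} implies {EXPECTED[ext]}, content is {found}")
    return not problems, {"sha256": digest.hexdigest(), "size": size,
                          "format": found, "problems": problems}
```

Keeping the reported SHA-256 with the project name and version lets the analyzed file be matched later to the artifact that was actually shipped.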
"Analysis failed"
- File may be corrupted
- File may use unsupported compression
- Contact support with file details
"No dependencies found"
- Binary may be statically linked
- Dependencies may be obfuscated
- Try analyzing individual components