Veilige software bouwen voor
lynkctl, Interlynk's commercial generator, understands your build and emits CycloneDX or SPDX SBOMs with per-component evidence, deterministic output, and a fully air-gapped runtime. Built for teams shipping under FDA, EU CRA, and ISO/SAE 21434.
Veelgestelde vragen
Embedded C/C++ breaks every SBOM tool built for the package-manager world.
Meer vragen? Neem nu contact met ons op.
lynkctl is none of the above. It's a post-build generator that runs after your existing build is done — no rebuild, no invasive integration, no whole-tree guessing — and produces a structured SBOM with per-component evidence. Built for IoT, automotive, and medical-device teams shipping under audit.
Veelgestelde vragen
Toolchain-native, top to bottom
lynkctl names what it reads: GNU Make, CMake, and IAR Embedded Workbench at the build-system layer — and underneath, the actual gcc, clang, ld, iccarm, and ilink invocations they emit. Not a generic source scanner.
Evidence and confidence on every component
Every component lynkctl emits carries an evidence record: the source file, the compile line, the include path, and a confidence tier. When we're unsure, we tell you, in the SBOM and in the diagnostics.
Deterministic and reviewable
The same source tree produces a byte-identical SBOM. No embedded timestamps, no randomized component order. Your release pipeline can diff two SBOMs and trust what changed.
Embedded open-source software index, air-gapped runtime
Vendored code is fingerprinted against our purpose-built open-source software index for embedded C/C++ — FreeRTOS, lwIP, Mbed TLS, FatFs, and the long tail — curated by Interlynk and refreshed weekly. The index ships with lynkctl and runs fully offline. No network calls; same behavior in a dev laptop or a SCIF.
Veelgestelde vragen
Does it work with your toolchain?
Two layers of support: the build system your team ships with, and the compilers and linkers it actually invokes. Here's what's shipping today, and what's coming next.
Build systems
GNU Make
Makefile-driven C/C++ projects.
CMake
Generates Make, Ninja, or IDE projects from CMakeLists.txt.
IAR Embedded Workbench
Proprietary embedded IDE and toolchain; .ewp project files.
Eclipse
IN THE WORKS
Eclipse CDT-based embedded IDEs.
Keil µVision
IN THE WORKS
ARM Cortex-M development environment.
TI Code Composer Studio
IN THE WORKS
Code Composer Studio for TI MCUs.
Compilers & linkerS
gcc
Compiler · GNU
clang
Compiler · LLVM frontend
LLVM
Compiler infra · underlies Clang
ld
Linker · GNU
iccarm
Compiler · IAR for ARM
ilink / ilinkarm
Linker · IAR
Source control
Git
Component origin from .git repositories.
Git submodules
Submodule pointers resolved to upstream sources with commit pinning.
SVN
IN THE WORKS
Subversion repositories.
REGULATED INDUSTRIES
Built for products that ship under audit.
FDA · 524B
Medical devices
FDA premarket submissions now require an SBOM under section 524B. lynkctl produces CycloneDX output with the evidence trail an auditor expects, and runs entirely on-premises so device firmware never leaves your build environment.
EU · CRA
Industrial & consumer
The EU Cyber Resilience Act requires manufacturers to maintain an SBOM across the supported lifecycle of every product. lynkctl's deterministic output and confidence scoring make CRA Annex I evidence reviewable, not just present.
ISO/SAE 21434 · UN R155
Automotive
Tier-1 and OEM suppliers face SBOM requirements down to the ECU. lynkctl's IAR and CMake providers cover the toolchains most automotive embedded teams already use, without rewriting the build.
WHERE LYNKCTL FITS
Common approaches to embedded SBOMs.
Source SCA tools fall into one of the three failure modes described above. Binary analysis is a different lane entirely — useful for opaque firmware, no help when you control the source. lynkctl is the fourth path: post-build, build-system-aware, no rebuild required.
FDA · 524B
Want to do it yourself? We have an open-source option too.
Not every codebase fits a build-time introspector. Maybe your build system is exotic. Maybe most of your components are vendored, patched, or hand-stitched from upstream sources. Maybe you just want full editorial control over what ends up in the SBOM — without a commercial license in the loop.
bomtique is our open-source toolkit for hand-authored SBOMs. You write a small, reviewable manifest of your components; bomtique emits a deterministic CycloneDX or SPDX SBOM from it. Same reviewable evidence mindset as lynkctl, same air-gapped runtime, completely under your control. Apache 2.0, on GitHub.
THE INTERLYNK STACK
Generation is one piece. The rest of the lifecycle lives in Interlynk too.
lynkctl plugs into the rest of our stack: open-source tools for SBOM quality, assembly, and hand-curation, and the Interlynk platform for SBOM and VEX management across the product lifecycle. CycloneDX-native across the board.
lynkctl
COMMERCIAL
SBOM generator for embedded C/C++ toolchains. This page.
bomtique
OSS
Hand-authored SBOMs for projects where introspection won't fit.
sbomqs
OSS
SBOM quality scoring — verify what you produce.
sbomasm
OSS