Six Compliance Modules
Everything you need to meet your EU Cyber Resilience Act obligations — assessment, reporting, SBOM, vulnerabilities, disclosure, and board reporting.
CRA Assessment
Guided 12-question wizard to determine if the CRA applies, your product classification (Default / Class I / Class II / Critical), and your conformity route. Export a branded PDF for auditors.
Learn more →Incident Reporting
ENISA-compliant Article 14 workflows with stage-gated forms: early warning (24h), detailed report (72h), and final report. Automated email alerts at configurable thresholds before each deadline.
Learn more →SBOM Generation
Automated CycloneDX SBOM creation from GitHub repositories or ZIP uploads, with version tracking, diff analysis, and per-product scan history.
Learn more →Vulnerability Scanning
Continuous scanning against NVD, EUVD, OSV, and GitHub Advisory databases. EPSS exploitation-probability scoring, VEX statement generation, and per-product risk dashboards.
Learn more →Vulnerability Disclosure Portal
A public-facing disclosure page for each product — no account required for reporters. Submissions auto-create Article 14 incidents. Analysts triage, add notes, and link disclosures directly to the incident record.
Learn more →Board Compliance Reports
On-demand PDF reports designed for board-level review. Covers overall RAG status, per-product posture, risk exposure, 6-month trend charts, and upcoming Article 14 deadlines in the next 90 days.
Learn more →