OSCRAT Tool

The OSCRAT tool empowers SMEs to comply with the EU’s Cyber Resilience Act using open-source solutions—helping them assess risks, implement security measures, and stay compliant while reducing costs and technical barriers.

The OSCRAT tool is launching soon!

Pre-register now and secure your early access!

The OSCRAT Tool

SBOM Generation: integration into the security pipeline to track the build process, enhance security and reduce the risk of data corruption;

Vulnerability Assessment: we utilize the Open Vulnerability and Assessment Language (OVAL) for publicly accessible security information, covering various operating systems with available public OVAL streams;

Incident Response: The OpenSSF OSS-SIRT Special Interest Group guides SMEs on incident management according to international standards and reports incidents to ENISA, EU CyCLONe, and others;

Identifying and evaluating vulnerabilities continuously, and allocating and overseeing corrective measures. This will help provide resilient compliance management, including the integration of compliance and risk into the development pipeline and the management of compliance and risk treatment actions. It will also provide overall action management to track actions from all other modules;

Documentation Centralization: OSCRAT will create a centralized repository for digital product documentation, including Conformity Assessment Reports, SBOM reports, Vulnerability Disclosure Policies, Incident Reports, and Certifications of Conformity. This comprehensive approach enhances transparency and facilitates compliance for SMEs;

Self-Assessment and Third-Party Audits: SMEs will be able to perform self-assessments and give auditors access to the evidence collected by OSCRAT tools. This will lead to a conformity certificate.