Upload a CycloneDX or SPDX SBOM for real CVE findings — or run a five-phase AI accountability review with stakeholder-ready evidence.
Two focused products on one platform. SBOM files and governance answers stay on your device.
Your SBOM files and governance questionnaire answers are processed in the browser — they are not uploaded to our servers.
Upload a software bill of materials, match components to known vulnerabilities, and review findings with compliance context — in your browser.
Drop a CycloneDX or SPDX file. Processing runs locally — your SBOM is not sent to our servers.
Components are checked against OSV.dev for known CVEs. Results appear in seconds with severity and package context.
Explore findings, framework alignment (NTIA, NIST, and related supply-chain guidance), and stakeholder-ready views for security and compliance teams.
Try the demo Browser-based · no data leaves your device
A structured accountability workflow for deployed AI systems. Complete in one sitting or save progress and return — each phase builds on the last.
Name the AI system, describe its purpose, and classify its EU AI Act risk tier. The tool guides you through each field with plain-language explanations of why each one matters to regulators and auditors.
Answer 32 guided questions across six governance domains: Models, Data, Vendors, Infrastructure, Controls, and Monitoring. Every question includes a "why this matters" explanation and regulatory tags — EU AI Act, GDPR, NIST AI RMF, G7 Hiroshima AI Process, ISO/IEC 42001, OECD AI principles, and SBOM-for-AI minimum elements (AI component transparency requirements).
The gap register is generated automatically from your answers — no manual analysis on your part. Every gap includes its regulatory citation, the risk if left unaddressed, and exactly what evidence is needed to close it.
For each gap, assign an owner, choose a remediation approach, and set a target date. This is where a list of findings becomes an action plan — ownership and target dates flow into every stakeholder report.
Generate five stakeholder-specific HTML reports from the single record you've built. The board report uses narrative and summary; the technical record includes every question and answer; the legal package focuses on GDPR and EU AI Act obligations; the CISO report covers control gaps, monitoring obligations, and remediation owners; the procurement review maps vendor accountability, contractual gaps, and AI supply chain risk.
Browser-based · no account required · no data leaves your device
Governance, legal, security, and procurement stakeholders use TechnoSoluce when cited gap analysis and role-specific reports matter more than checkbox scores.
Governance & compliance
EU AI Act readiness reviews, NIST AI RMF gap registers, and board-ready posture summaries — with regulatory citations on every finding.
Security & engineering
CycloneDX and SPDX upload, OSV-backed CVE mapping, and supply-chain risk views — processed locally, without sending SBOM files to our servers.
Legal & procurement
GDPR and EU AI Act obligation packages, vendor accountability maps, and procurement reviews that surface contractual and AI supply chain gaps.
Part of the ERMITS intelligence platform — alongside VendorSoluce™ and CyberCorrect™.