Know every component. Own every AI governance gap.

Two focused products on one platform. SBOM files and governance answers stay on your device.

Browser-based · no data leaves your device
SPDX & CycloneDX · CVE mapping
EU AI Act · GDPR · NIST AI RMF · G7 · ISO/IEC 42001 · OECD
5 stakeholder reports · 32 governance questions

Your SBOM files and governance questionnaire answers are processed in the browser — they are not uploaded to our servers.

SBOM Analyzer — three steps

Upload a software bill of materials, match components to known vulnerabilities, and review findings with compliance context — in your browser.

1

Upload

Drop a CycloneDX or SPDX file. Processing runs locally — your SBOM is not sent to our servers.

Produces: Parsed component inventory ready for vulnerability lookup.
2

Match vulnerabilities

Components are checked against OSV.dev for known CVEs. Results appear in seconds with severity and package context.

Produces: A prioritized vulnerability list tied to each dependency.
3

Review & report

Explore findings, framework alignment (NTIA, NIST, and related supply-chain guidance), and stakeholder-ready views for security and compliance teams.

Produces: Actionable supply-chain risk intelligence you can share with engineering and leadership.
Open SBOM Analyzer

Try the demo Browser-based · no data leaves your device

AI Governance Review — five phases, one evidence package

A structured accountability workflow for deployed AI systems. Complete in one sitting or save progress and return — each phase builds on the last.

1

Define System

Name the AI system, describe its purpose, and classify its EU AI Act risk tier. The tool guides you through each field with plain-language explanations of why each one matters to regulators and auditors.

Produces: A formal system record with unique ID, risk classification, and accountable owner.
2

Component Inventory

Answer 32 guided questions across six governance domains: Models, Data, Vendors, Infrastructure, Controls, and Monitoring. Every question includes a "why this matters" explanation and regulatory tags — EU AI Act, GDPR, NIST AI RMF, G7 Hiroshima AI Process, ISO/IEC 42001, OECD AI principles, and SBOM-for-AI minimum elements (AI component transparency requirements).

Produces: A complete, structured evidence record across all six governance domains.
3

Gap Analysis

The gap register is generated automatically from your answers — no manual analysis on your part. Every gap includes its regulatory citation, the risk if left unaddressed, and exactly what evidence is needed to close it.

Produces: A regulatory-cited gap register organized by severity — Critical, Major, Minor.
4

Assess & Assign

For each gap, assign an owner, choose a remediation approach, and set a target date. This is where a list of findings becomes an action plan — ownership and target dates flow into every stakeholder report.

Produces: A working action plan with owners and dates embedded into every report.
5

Evidence Package

Generate five stakeholder-specific HTML reports from the single record you've built. The board report uses narrative and summary; the technical record includes every question and answer; the legal package focuses on GDPR and EU AI Act obligations; the CISO report covers control gaps, monitoring obligations, and remediation owners; the procurement review maps vendor accountability, contractual gaps, and AI supply chain risk.

Produces: Board report · Technical audit record · Legal/DPO package · CISO assessment · Procurement review.
Start AI Review

Browser-based · no account required · no data leaves your device

Built for teams who need defensible evidence

Governance, legal, security, and procurement stakeholders use TechnoSoluce when cited gap analysis and role-specific reports matter more than checkbox scores.

Governance & compliance

EU AI Act readiness reviews, NIST AI RMF gap registers, and board-ready posture summaries — with regulatory citations on every finding.

Security & engineering

CycloneDX and SPDX upload, OSV-backed CVE mapping, and supply-chain risk views — processed locally, without sending SBOM files to our servers.

Legal & procurement

GDPR and EU AI Act obligation packages, vendor accountability maps, and procurement reviews that surface contractual and AI supply chain gaps.

Part of the ERMITS intelligence platform — alongside VendorSoluce™ and CyberCorrect™.

Contact for a trial or scoping call FAQ