Product features

One analysis. Six stakeholder report views.

Upload any SBOM (or generate one from a manifest). TechnoSoluce produces six tailored reports — all processed client-side, zero data sent to our servers.

Six Report Views

The same SBOM analysis powers six tailored reports. Each stakeholder gets exactly the right level of detail — from board-level risk summaries to line-by-line CVE remediation.

Key challenges

Executives need clear, business-language risk summaries — not raw CVE lists — to make strategic decisions and justify security investments.

  • Understanding business impact of supply chain risks
  • Translating technical vulnerabilities into financial exposure
  • Justifying security investments to the board
  • Demonstrating regulatory readiness to auditors

Executive Summary Report

Board-ready risk overview with financial exposure estimates, strategic recommendations, and a STEEL Radar view — no technical background required.

  • Overall risk score and business impact summary
  • Financial exposure and liability estimates
  • Strategic remediation recommendations
  • Regulatory compliance status at a glance

STEEL Radar

A qualitative radar view across five dimensions — so executives, risk officers, and procurement teams see relative positioning without relying on a single composite score.

S: Security
CVE severity, CVSS scores, exploitability vectors, unpatched critical count

T: Technology
Component freshness, EOL risk, SBOM completeness against NTIA minimums

E: Economic
Financial exposure from breach scenarios, remediation cost estimates

E: Executive
Board-level risk positioning, strategic remediation priority

L: Legal
License obligation exposure, regulatory liability, compliance framework gaps

Qualitative positioning, not a single number

The STEEL Radar shows relative strength across dimensions. A single score may not reflect real positioning; the radar gives a clearer picture for comparison.

Trend tracking over time

Run the same SBOM through multiple analysis cycles to see how the radar profile changes as vulnerabilities are patched and components are updated.

Export-ready for board presentations

The STEEL Radar view exports to PDF for discussion with the board or auditors. Methodology is under development and not yet validated.

Real-Time CVE Intelligence

Live OSV.dev integration queries Google's Open Source Vulnerability database in real time. No stale CVE snapshots. No third-party data fees. No component data sent to our servers.

5 ecosystems

npm, PyPI, Maven, Go, Rust — all queried live via the OSV.dev API

CVSS v3.1 + v2

Full CVSS scoring including base, temporal, and environmental vectors

Zero data exposure

CVE queries are by package name + version only — your SBOM inventory never leaves your browser

Publicly verifiable

Every CVE finding links back to its source on osv.dev — independently verifiable, no proprietary scoring
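The "package name + version only" query model above, shown as an added example (not TechnoSoluce's own code): it turns the purl of an SBOM component into the request body OSV.dev's batch query endpoint expects, mapping the five listed ecosystems to their OSV ecosystem names. The body is built but not sent, so it runs offline; the stripping of the leading "v" from Go versions is an assumption about how OSV records Go versions.

```python
from urllib.parse import unquote

# purl type -> OSV.dev ecosystem name for the five ecosystems the page lists.
PURL_TO_OSV = {"npm": "npm", "pypi": "PyPI", "maven": "Maven",
               "golang": "Go", "cargo": "crates.io"}


def parse_purl(purl: str) -> tuple[str, str, str]:
    """Split 'pkg:type/namespace/name@version' into (type, name, version).

    Qualifiers (?...) and subpath (#...) are dropped; percent-encoding is undone.
    Raises ValueError for purls without a version, since OSV needs one to match.
    """
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl}")
    body = purl[4:].split("#", 1)[0].split("?", 1)[0]
    if "@" not in body:
        raise ValueError(f"purl has no version: {purl}")
    path, version = body.rsplit("@", 1)
    ptype, _, rest = path.partition("/")
    parts = [unquote(p) for p in rest.split("/") if p]
    if ptype == "maven" and len(parts) == 2:
        name = ":".join(parts)         # OSV addresses Maven as groupId:artifactId
    else:
        name = "/".join(parts)         # npm scopes (@org/pkg) and Go module paths keep '/'
    if ptype == "golang":
        version = version.lstrip("v")  # assumption: OSV lists Go versions without the 'v'
    return ptype, name, unquote(version)


def osv_batch_query(purls: list[str]) -> dict:
    """Build the JSON body for POST https://api.osv.dev/v1/querybatch.

    Only ecosystem, package name and version are included; nothing else from
    the SBOM (suppliers, hashes, dependency graph) is part of the request.
    """
    queries = []
    for purl in purls:
        ptype, name, version = parse_purl(purl)
        eco = PURL_TO_OSV.get(ptype)
        if eco is None:
            continue                   # unsupported ecosystem: skip rather than guess
        queries.append({"package": {"name": name, "ecosystem": eco},
                        "version": version})
    return {"queries": queries}
```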

SBOM Generation from Manifests

Don't have an SBOM? Upload any manifest file and TechnoSoluce generates a standards-compliant CycloneDX 1.5 or SPDX 2.3 SBOM automatically — entirely in your browser.

package.json

Node.js / npm projects

requirements.txt / pyproject.toml

Python / PyPI projects

pom.xml

Java / Maven projects

go.mod

Go modules

Cargo.toml

Rust / Cargo projects

Or upload an SBOM

Accepts CycloneDX JSON/XML and SPDX JSON/RDF


CycloneDX 1.5 output

Generated SBOMs pass the official CycloneDX JSON schema validation without proprietary extensions. Includes components, vulnerabilities, and service definitions sections.

SPDX 2.3 output

Full SPDX 2.3 compliance — all required fields populated, SPDX identifiers assigned, relationship graph included. Passes SPDX spec validation.

NTIA completeness validation

Every generated SBOM is checked against the seven NTIA minimum element requirements. Missing or incomplete fields are flagged in the completeness report.

SBOM Library

10,000+ pre-built SBOMs from the most popular open-source packages — organized by application category so procurement teams can quickly find relevant baselines.

Browse by application category

Packages are categorized by application type — web frameworks, databases, security tools, ML/AI, DevOps, and more — making it fast to find relevant baselines.

5 ecosystems covered

SBOMs sourced directly from official registries: npm, PyPI, Maven Central, pkg.go.dev, and crates.io — verified metadata, no third-party intermediaries.

  • npm (JavaScript / TypeScript)
  • PyPI (Python)
  • Maven Central (Java / JVM)
  • pkg.go.dev (Go)
  • crates.io (Rust)

Use as procurement baselines

No SBOM from a vendor? Find their key open-source components in the library, run analysis, and establish a security baseline for procurement evaluation.


Multi-Framework Compliance Mapping

Automated gap analysis against eight major frameworks — each gap cites the specific control clause and links to the relevant component in your SBOM.

NTIA
EO 14028 Minimum Elements

All seven minimum elements validated: supplier, component, version, unique ID, dependency relationships, author, timestamp.
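The NTIA completeness check described here and in the "NTIA completeness validation" section above, as an added example (not TechnoSoluce's code): it walks a constructed CycloneDX 1.5 JSON document and reports gaps per minimum element. The field-to-element mapping (authors/tools for author, purl/cpe/swid for unique ID, the dependencies array for relationships) is this example's assumption about how a checker reads CycloneDX.

```python
import json

# Constructed CycloneDX 1.5 fragment (sample input, not a real product SBOM).
# The second component deliberately lacks supplier, version and purl so the check flags it.
SAMPLE_SBOM = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"timestamp": "2024-05-01T12:00:00Z",
               "authors": [{"name": "example-generator"}]},
  "components": [
    {"bom-ref": "pkg:npm/lodash@4.17.21", "name": "lodash", "version": "4.17.21",
     "purl": "pkg:npm/lodash@4.17.21", "supplier": {"name": "lodash maintainers"}},
    {"bom-ref": "c2", "name": "left-pad"}
  ],
  "dependencies": [{"ref": "pkg:npm/lodash@4.17.21", "dependsOn": ["c2"]}]
}""")

NTIA_ELEMENTS = ("supplier", "component", "version", "unique_id",
                 "dependency_relationships", "author", "timestamp")


def check_ntia_minimum(sbom: dict) -> dict:
    """Return {element: [problem, ...]} for the seven NTIA minimum elements.

    Document-level elements (author, timestamp, dependency relationships) are
    checked once; per-component elements are reported per component name.
    An empty list means that element is satisfied.
    """
    meta = sbom.get("metadata", {})
    gaps = {k: [] for k in NTIA_ELEMENTS}
    if not (meta.get("authors") or meta.get("tools")):
        gaps["author"].append("metadata.authors/tools missing")
    if not meta.get("timestamp"):
        gaps["timestamp"].append("metadata.timestamp missing")
    if not sbom.get("dependencies"):
        gaps["dependency_relationships"].append("no dependencies section")
    for i, c in enumerate(sbom.get("components", [])):
        label = c.get("name") or f"component[{i}]"
        if not c.get("name"):
            gaps["component"].append(f"{label}: name missing")
        if not c.get("version"):
            gaps["version"].append(f"{label}: version missing")
        if not (c.get("purl") or c.get("cpe") or c.get("swid")):
            gaps["unique_id"].append(f"{label}: no purl/cpe/swid")
        if not (c.get("supplier") or {}).get("name"):
            gaps["supplier"].append(f"{label}: supplier missing")
    return gaps


def completeness_score(sbom: dict) -> float:
    """Fraction of the seven elements with no gaps; 1.0 means fully complete."""
    gaps = check_ntia_minimum(sbom)
    return sum(1 for v in gaps.values() if not v) / len(gaps)
```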

NIST
CSF 2.0 + SP 800-161

All five CSF functions: Identify, Protect, Detect, Respond, Recover — plus C-SCRM controls from SP 800-161 Rev. 1.

ISO
27001:2022

Supply chain security controls from Annex A — mapped to specific SBOM components and evidence narratives.

SPDX / CycloneDX
Format Standards

SPDX 2.3 and CycloneDX 1.5 field completeness scoring — outputs validate against published schemas without extensions.

HIPAA
§164 Technical Safeguards

Software risk mapping for healthcare organizations required to protect ePHI transmission and storage.

PCI-DSS
v4.0 Requirements 6 & 12

Secure software development and supply chain risk management requirements for payment card environments.

CMMC
2.0 Level 2

Software supply chain practices for DoD contractors handling CUI — mapped to NIST SP 800-171 controls.

FedRAMP
Rev. 5 SA & SI Controls

System and Services Acquisition + System and Information Integrity controls for federal cloud authorization.

All of this runs in your browser

SBOM parsing, vulnerability queries, risk scoring, compliance mapping, and report generation are all client-side. Your component inventory never leaves your browser. See how we handle your data on our Trust page.