Your SBOM never leaves your browser.
Reports you can stand behind.
TechnoSoluce processes all software supply chain analysis client-side. No inventory upload. No server-side storage of your component data. One analysis, six defensible report views.
How TechnoSoluce protects your data
Four core principles that define how we handle your software supply chain data.
Client-side processing
Your SBOM files are parsed, analyzed, and scored entirely in your browser. Component data, vulnerability mappings, and framework gap analysis never touch our servers.
- SPDX 2.3 and CycloneDX 1.5 parsed locally
- Six report views generated in-browser
- No network request carries your component inventory
Data minimization
We collect only what is strictly necessary. Account creation stores your email and license tier. Report metadata (timestamp, ecosystem summary) is optionally persisted — your component detail stays local.
- No default harvesting of your software inventory
- Export-first artifacts (JSON, PDF, shareable links)
- Clear separation of anonymous scoring vs saved records
Output integrity & traceability
Reports are deterministic — the same SBOM always produces the same analysis. Every risk score, framework gap, and vulnerability finding links back to the source component and the standard it maps to.
- Reproducible scoring — no black-box AI adjustments
- CVSS scores sourced from OSV and NVD
- Framework gaps cited with standard clause references
SBOM Library sourcing
The SBOM Library is populated from public package registries (npm, PyPI, Maven, Cargo, Go). Vulnerability data comes from the Open Source Vulnerabilities (OSV) database — a publicly verifiable source.
- Sourced only from official public registries
- CVE data from OSV.dev — fully open and auditable
- No proprietary intelligence injected without disclosure
What we won't do
Trust is as much about constraints as features. These are the commitments that define our limits.
No server-side SBOM storage
We will not upload, store, or index your component inventory on our infrastructure without your explicit opt-in.
No selling of scan data
Your analysis results, vulnerability findings, and framework gaps are never sold or shared with third parties.
No black-box scoring
All risk scores are derived from documented algorithms and publicly available data — no opaque AI adjustments.
No "checkbox compliance"
Outputs are evidence-backed artifacts with component-level traceability — not scores without citations.
No vendor lock-in
All reports export to standard formats (SPDX JSON, CycloneDX JSON, PDF). Your data is always portable.
No hidden telemetry
No background capture of component names, version ranges, or dependency graphs from your SBOM files.
Standards alignment
TechnoSoluce output is grounded in published, auditable standards — not proprietary frameworks.
TechnoSoluce validates SBOMs against the NTIA minimum element requirements — supplier, component name, version, unique identifier, dependency relationships, author, and timestamp. Missing elements are flagged in the completeness report.
The supply chain risk management practices mapping covers C-SCRM controls across acquisition, development, and operational tiers. Gap analysis cites specific control IDs from the published NIST document.
Full SPDX 2.3 parsing and generation. Field completeness is scored against the SPDX specification. Generated SBOMs pass SPDX spec validation without proprietary extensions.
CycloneDX 1.5 support including component metadata, service definitions, and vulnerabilities sections. Output validates against the official CycloneDX JSON schema without extensions.
All vulnerability data sourced from OSV.dev — an open, community-maintained database. CVSS v3.1 scores presented as-published without modification. You can independently verify any finding at osv.dev.
Part of a coordinated trust posture
TechnoSoluce integrates naturally with the other ERMITS intelligence products — each with its own Trust page and the same data minimization principles.
Third-party vendor risk — evidence-first governance with procurement-ready workflows. NIST SP 800-161 aligned.
View Trust page →
Privacy intelligence — privacy by design, client-side processing, defensible GDPR/CCPA outputs.
View Trust page →
Software supply chain intelligence — client-side SBOM analysis, six report views, zero data upload.
This page
Start with your own SBOM
No sign-up required for the sample walkthrough. Upload your own SBOM to the live app and see six stakeholder-ready reports in seconds — all processed in your browser.