Release evidence for small .NET vendors

Turn your .NET release into a customer-ready compliance package.

Generate a CycloneDX SBOM, vulnerability summary, license risk report, and CRA readiness evidence — without uploading your source code.

  • No source code upload
  • Local CLI scan
  • Customer-ready ZIP package
Request Sample Report + Beta Access

No source code required. We only need dependency metadata or a local CLI scan output.

Example output preview (evidence-package.zip)

Sample CRA readiness score: 87/100

Evidence pack generated from dependency metadata.

SBOM · Vulns · Licenses · CRA

CRA timing

CRA is no longer a future problem.

The EU Cyber Resilience Act is already in force. Vulnerability reporting obligations start in 2026, and full CRA obligations apply from 2027. Small software vendors need repeatable evidence workflows before customers and procurement teams start asking.

This product supports technical analysis and documentation workflows. It does not provide legal advice.

Procurement blocker

Security evidence is becoming part of the sale.

Small software vendors are increasingly asked by enterprise customers and procurement teams for SBOMs, vulnerability summaries, license risk information, and compliance evidence. Raw scanner output is not enough when a customer needs something they can review, share, and archive.

Step 1: Customer asks for SBOM

Step 2: Procurement sends a security questionnaire

Step 3: Security team asks for vulnerability evidence

Step 4: Vendor prepares documents manually

Step 5: Raw scanner output is not customer-ready

Tools can find vulnerabilities. Procurement teams usually need something different: clear files, readable summaries, and a repeatable evidence package for each release.

Want to see what your report could look like?

Request a sample compliance report and see the format before joining the private beta.


When it helps

When do you need this?

  • An enterprise customer asks for an SBOM
  • Procurement sends a security questionnaire
  • You are preparing an EU customer release
  • You need license and vulnerability evidence before delivery
  • You do not want to upload your source code to a SaaS scanner
  • You need a repeatable compliance package for every release

What is inside

What you get in the compliance package

Instead of sending raw scanner output to your customer, you get a structured evidence package that is easier to review, share, and archive.


One export. Five procurement-ready artifacts.

Attach the package to release notes, a customer security questionnaire, or your sales-room evidence folder.

  • sbom.cdx.json: CycloneDX SBOM
  • vulnerability-report.pdf: Known vulnerability summary
  • license-risk-report.pdf: Dependency license risk overview
  • cra-readiness-checklist.pdf: Technical readiness checklist
  • dependency-inventory.csv: Human-readable dependency inventory

Differentiation

Not another vulnerability scanner.

Most tools stop at finding issues. ComplyDX focuses on turning dependency and security data into customer-ready documentation for small .NET software teams.

Traditional scanners

  • Find vulnerabilities
  • Produce technical output
  • Require manual cleanup before sharing

ComplyDX

  • Creates customer-ready reports
  • Packages SBOM, licenses, vulnerabilities, and readiness evidence
  • Works without uploading source code
  • Designed for small .NET vendors

Positioning

Built for small .NET vendors selling to serious customers.

Designed for B2B SaaS teams, software agencies, and independent vendors that need to respond to customer security, procurement, or compliance requests faster.


Private beta

Get a sample compliance report

Join the private beta and receive a sample report format you can use to understand what your customer-ready evidence package will look like.

We will not ask for your source code.

We'll only use your details to send the sample report and beta information.