Legal & Compliance

ORT Server: An open source platform to automate CRA checks

Session Abstract

The ORT Server is a platform building on the renowned OSS Review Toolkit to automate software compliance checks in a scalable and enterprise-ready way. This talk gives an overview of how to use the ORT Server to deal with the obligations of the Cyber Resilience Act (CRA) specifically.

Session Description

It is challenging, especially for small to medium enterprises (SMEs), to understand and deal with the obligations from the Cyber Resilience Act (CRA). While commercial solutions exist, these usually come at a high cost and with the risk of vendor lock-in. This talk provides an overview of how the open source ORT Server platform can help here.

The talk will start with a bit of history of the OSS Review Toolkit and ORT Server projects, how they relate to each other, who the target audiences are, and highlight some technical differences between the two solutions.

While the ORT Server also has a REST API, the talk will then focus on using its dedicated UI, which makes the complex compliance topic and legal workflows more accessible to less technical users. Using a concrete example project, the talk will walk through how to deal with the vulnerabilities and other policy rule violations found, in a way that fulfills CRA requirements.

Finally, the talk will give an outlook on the upcoming and planned features for ORT Server, extending it into a general platform to automate software compliance checks, including and beyond other regulations like NIS2 and DORA.

bUm Box
16.Mar 2026
15:30 - 16:00
Talk