
The OCCTET Toolchain: built for SMEs, powered by open source

At the heart of the OCCTET Project lies a clear goal: to make cybersecurity and compliance with the EU Cyber Resilience Act (CRA) accessible for Small and Medium Enterprises (SMEs), especially those relying on Open Source Software (OSS).

OCCTET transforms the often complex process of software compliance into a practical and guided experience, using a suite of interconnected open-source tools known as the OCCTET Toolchain.



Powered by Eclipse Apoapsis

The OCCTET Toolchain is built on Eclipse Apoapsis, an open-source ecosystem developed under the leadership of the Eclipse Foundation, which also coordinates the OCCTET Project.
Eclipse Apoapsis was designed to make compliance management and software assurance easier, providing a framework for tools that analyse, document, and improve software quality and trustworthiness.

By using Apoapsis as its foundation, OCCTET ensures that all its tools are:

Following open standards that SMEs can trust and adapt.


OSS Review Toolkit (ORT) Server

The OSS Review Toolkit (ORT) is the first step in the OCCTET Toolchain.
It automatically scans and analyses your software to identify all open-source components and their associated licenses, security vulnerabilities, and dependencies.

Through the ORT Server, SMEs can:

This helps SMEs replace manual reviews with automated insights, saving both time and effort while staying aligned with CRA requirements.


OCCTET Curator

The OCCTET Toolchain also integrates the OCCTET Curator, developed by Bitsea.
This component plays a key role in managing and refining the compliance data pipeline, ensuring that the information collected from multiple tools is accurately processed and transformed into practical insights for SMEs.

The Curator works hand-in-hand with ORT, helping users interpret technical findings and translate them into actionable results.
It analyses complex datasets to highlight what truly matters and produces key compliance documents such as:

In short, the OCCTET Curator bridges the gap between technical teams and decision-makers, turning raw technical data into clear, business-ready outputs that help SMEs act faster and smarter on cybersecurity compliance.

The OCCTET Curator is open source and freely available on GitHub, offering transparency and flexibility for developers who wish to explore, adapt, or contribute to its development.
It includes ready-to-use scripts for building the Dockerfile, with a well-documented configuration in the docker-compose.yml file to facilitate deployment and integration within the broader OCCTET ecosystem.


Federated OSS Assessment Database

Knowledge grows when it is shared.

The Federated Database within OCCTET connects multiple reliable data sources across Europe, consolidating information on open-source software components, including security status, provenance, and known vulnerabilities.

This shared infrastructure ensures that every SME benefits from verified, up-to-date information, building a stronger, more resilient European software ecosystem.


Putting It All Together

The OCCTET Toolchain, powered by Eclipse Apoapsis, combines these tools into a single, SME-friendly ecosystem that:


The OCCTET Toolchain represents a community effort to make cybersecurity accessible, practical, and rooted in open collaboration.
As development continues, the project will keep evolving based on feedback from SMEs, developers, and industry experts — ensuring that every new feature reflects real-world needs.

Together, we are building a safer and more transparent digital landscape,
one where compliance is not a burden but a driver of trust and innovation.
