We shipped ScortonJS CLI (MIT, 450 weekly downloads) to make security checks and EU compliance mapping runnable from the terminal. Supports: scan, audit, score; compliance (dora|nis2|both); report generation.
Goal: lightweight audits that emit a publishable markdown/PDF report for client reviews or insurance underwriting—no vendor lock‑in, clear pass/fail + score.
Ask: Which signals and formats actually unblock you—code/deps/infra/behavior, and is SARIF/JUnit/SPDX enough?
For EU teams, what’s the minimum NIS2/DORA mapping you need to ship?
runtimepanic•25m ago
For SMEs, clarity and actionable output are the most important signals. Having a simple CLI that emits SARIF/JUnit for automated pipelines is great, but adding a minimal “human readable summary” with clear pass/fail thresholds and context for compliance checks can make a huge difference in adoption.
Curious if you’ve considered automated mapping of dependencies to NIS2/DORA clauses, or if you leave that for post-scan review.
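One way to produce the kind of output this thread is asking for, a score with a pass/fail threshold, a short markdown summary, and a per-rule compliance column, is to post-process the SARIF a scanner already emits. The block below is an added example, not ScortonJS code; the SARIF document, the penalty weights, the thresholds and the rule-to-clause mapping are all constructed for illustration.

```javascript
// Added example (not part of ScortonJS): score a SARIF 2.1.0 log, apply a
// pass/fail threshold and render a markdown summary. All data is constructed.

// Constructed SARIF log with the shape real scanners emit: runs[].tool.driver.rules[]
// holds rule metadata, runs[].results[] holds findings with a "level".
const SAMPLE_SARIF = {
  version: "2.1.0",
  runs: [{
    tool: { driver: { name: "example-scanner", rules: [
      { id: "DEP-001", shortDescription: { text: "Dependency with a known vulnerability" } },
      { id: "CFG-002", shortDescription: { text: "Legacy TLS version enabled" } },
      { id: "DOC-003", shortDescription: { text: "No security policy file" } },
    ] } },
    results: [
      { ruleId: "DEP-001", level: "error", message: { text: "outdated package in lockfile" },
        locations: [{ physicalLocation: { artifactLocation: { uri: "package-lock.json" } } }] },
      { ruleId: "CFG-002", level: "warning", message: { text: "minimum TLS version too low" },
        locations: [{ physicalLocation: { artifactLocation: { uri: "nginx.conf" } } }] },
      { ruleId: "DOC-003", level: "note", message: { text: "SECURITY.md not found" } },
    ],
  }],
};

// Illustrative (assumed) mapping from rule id to the clause it evidences.
// Verify any real mapping against the regulation text before publishing.
const CLAUSE_MAP = {
  "DEP-001": "NIS2 Art. 21(2)(d) supply chain security",
  "CFG-002": "DORA Art. 9 protection and prevention",
  "DOC-003": "NIS2 Art. 21(2)(a) policies on risk analysis",
};

// Penalty per finding by SARIF level. SARIF treats a missing level as "warning".
const PENALTY = { error: 25, warning: 10, note: 2, none: 0 };

function levelOf(result) {
  return result.level in PENALTY ? result.level : "warning";
}

// Score = 100 minus penalties, floored at 0. Pass requires both the score
// threshold and an error budget, so one critical finding cannot hide in a
// good overall score.
function scoreSarif(sarif, { passThreshold = 70, maxErrors = 0 } = {}) {
  const results = (sarif.runs || []).flatMap(run => run.results || []);
  const counts = { error: 0, warning: 0, note: 0, none: 0 };
  let penalty = 0;
  for (const res of results) {
    const level = levelOf(res);
    counts[level] += 1;
    penalty += PENALTY[level];
  }
  const score = Math.max(0, 100 - penalty);
  const pass = score >= passThreshold && counts.error <= maxErrors;
  return { score, pass, counts, results };
}

// Render the human-readable summary: verdict, score, then one table row per
// finding with its rule title, location, message and mapped clause.
function markdownSummary(sarif, options) {
  const { score, pass, counts, results } = scoreSarif(sarif, options);
  const rules = new Map(
    (sarif.runs || []).flatMap(run => (run.tool && run.tool.driver && run.tool.driver.rules) || [])
      .map(rule => [rule.id, rule])
  );
  const lines = [
    "# Security audit summary",
    "",
    `**Result:** ${pass ? "PASS" : "FAIL"}  `,
    `**Score:** ${score}/100 (errors: ${counts.error}, warnings: ${counts.warning}, notes: ${counts.note})`,
    "",
    "| Level | Rule | Location | Message | Clause |",
    "|---|---|---|---|---|",
  ];
  for (const res of results) {
    const rule = rules.get(res.ruleId);
    const title = (rule && rule.shortDescription && rule.shortDescription.text) || res.ruleId;
    const loc = res.locations && res.locations[0] && res.locations[0].physicalLocation;
    const uri = (loc && loc.artifactLocation && loc.artifactLocation.uri) || "-";
    const msg = (res.message && res.message.text) || "";
    const clause = CLAUSE_MAP[res.ruleId] || "unmapped";
    lines.push(`| ${levelOf(res)} | ${res.ruleId}: ${title} | ${uri} | ${msg} | ${clause} |`);
  }
  return lines.join("\n");
}

console.log(markdownSummary(SAMPLE_SARIF));
```

The two-part gate (score threshold plus error budget) is the part worth copying: a single high-severity finding should fail the audit even when the aggregate score looks acceptable, and an "unmapped" clause column makes it obvious which rules still need post-scan review rather than silently claiming coverage.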
bacelyy•32m ago
Quick start: npx scortonjs-cli scan <tool> <target> • npm i scortonjs-cli
Repo: github.com/scorton/scortonjs npm: npmjs.com/package/scortonjs-cli