FOSS Backstage 2026

ORT Server: An open source platform to automate CRA checks
2026-03-16, bUm Box

The ORT Server is a platform building on the renowned OSS Review Toolkit to automate software compliance checks in a scalable and enterprise-ready way. This talk gives an overview of how to use the ORT Server to deal with obligations of the Cyber Resilience Act (CRA) specifically.


It is challenging, especially for small to medium enterprises (SMEs), to understand and deal with the obligations from the Cyber Resilience Act (CRA). While commercial solutions exist, these usually come at a high cost and with the risk of vendor lock-in. This talk provides an overview of how the open source ORT Server platform can help here.

The talk will start with a bit of history of the OSS Review Toolkit and ORT Server projects, how they relate to each other, who the target audiences are, and highlight some technical differences between the two solutions.

While the ORT Server also has a REST API, the talk will then focus on using its dedicated UI to make the complex compliance topic and legal workflows more accessible to less technical users. Using a concrete example project, the talk will walk through how to deal with the vulnerabilities and other policy rule violations found, in a way that fulfills CRA requirements.

Finally, the talk will give an outlook on the upcoming and planned features for ORT Server, extending it into a general platform to automate software compliance checks, including and beyond other regulations like NIS2 and DORA.

See also: Slides (1.0 MB)

Sebastian Schuberth is an Open Source evangelist and automation enthusiast. He has more than 20 years of experience with contributions to and maintenance of Open Source projects on the one hand, and crafting proprietary software on the other hand.

Consequently, Sebastian aims to bridge the gap between the Open Source and commercial worlds by working with companies to properly make use of Open Source software, contributing back, and applying Inner Source principles. As a founder of the OSS Review Toolkit project, a central part of his work at Double Open is to provide a SaaS solution to automate software compliance checks to fulfill requirements like those from the Cyber Resilience Act (CRA) and other regulations.

Martin Nonnenmacher is a Lead Engineer at Double Open, where he focuses on automating all aspects of open source compliance.

He has been an active contributor to the OSS Review Toolkit (ORT) since its inception in 2017 and serves on the project’s Technical Steering Committee. Martin is also a project lead of the Eclipse Apoapsis project, which develops the ORT Server - a project that adds the missing components to make ORT enterprise-ready.

Passionate about user experience, Martin strives to create tools that make the complex field of open source compliance simple and accessible. Coming from a Java background, he has become an enthusiastic advocate of Kotlin.