Question 1

What is a Software Bill of Materials (SBOM)?

Accepted Answer

An SBOM is a complete inventory of all components, libraries, and dependencies in a software product. OtterSight generates CycloneDX 1.6 SBOMs automatically with every scan.

Question 2

What is the EU Vulnerability Database (EUVD)?

Accepted Answer

The EUVD is operated by ENISA (EU Agency for Cybersecurity) and provides vulnerability data relevant to the European market. OtterSight is the only SCA scanner integrating EUVD data.

Question 3

How does OtterSight compare to Dependabot or Snyk?

Accepted Answer

OtterSight focuses on SCA with EUVD integration, CycloneDX SBOMs, EPSS+KEV scoring, and 300+ notification channels. Unlike Dependabot, it generates SBOMs. Unlike Snyk, it requires no sales process and hosts data in the EU.

Question 4

Is OtterSight GDPR compliant?

Accepted Answer

Yes. All data is hosted on Hetzner in Germany. No customer source code is stored — repositories are cloned ephemerally for scanning and deleted immediately after.

Question 5

Is there a free tier or open-source version?

Accepted Answer

Yes. The OtterSight CLI (@ottersight/cli) is open-source under MIT license. The hosted service offers a free tier with 3 repositories. Founding Members get a locked rate of EUR 5/mo forever — limited to 100 spots.

OtterSight: Know what’s inside your software.

Connect repo

Automatic scanning

Instant alerts

The only SCA scanner with EU Vulnerability Database.

Become a Founding Member

Get early access