
Trace-AI

Launch Date: Oct. 28, 2025
Pricing: No Info
Software Security, Compliance Tools, Dependency Management, Enterprise Software, Risk Scoring

Trace-AI: Know What You Ship. Trust What You Depend On.

Trace-AI is a powerful tool designed to help teams shipping software to enterprise environments ensure the security and compliance of their dependencies. It provides real-time Software Bills of Materials (SBOMs), exploit-aware risk scoring, and license compliance directly from your repositories.

Benefits

Real-time SBOMs

Trace-AI generates accurate CycloneDX and SPDX SBOMs from your CI/CD pipeline. It continuously tracks both direct and transitive dependencies, providing a comprehensive view of your software components.

Exploit-aware Scanning

Unlike traditional vulnerability scanners that dump all CVEs, Trace-AI prioritizes vulnerabilities that are actually exploitable. This helps teams focus on real risks by providing full context and integrating multiple threat intelligence sources.

Vendor Visibility

Trace-AI tracks APIs, SDKs, SLA expiry, and breach history alongside your code dependencies. This holistic view ensures that you have complete visibility into your software supply chain.

Real-time Security Posture

Trace-AI provides a breakdown of critical, high, medium, and low exposure risks in one place. As your code evolves, you can watch how risk changes over time. The platform offers direct vs. transitive severity tags and project context to help you understand your security posture.

Clarity Without the Noise

Every package, CVE, and version is displayed in one view, ensuring there is no black box. The platform is built for developers, providing a clear and comprehensive view of your software components and their associated risks.

License Compliance Made Simple

Trace-AI identifies GPL, LGPL, and other copyleft licenses instantly. This helps avoid surprises during enterprise reviews and ensures compliance with licensing requirements.

Use Cases

Trace-AI is ideal for teams shipping software to enterprise environments. It helps ensure the security and compliance of software dependencies by providing real-time SBOMs, exploit-aware risk scoring, and license compliance. The platform is built for developers, offering a clear and comprehensive view of software components and their associated risks.

Pricing

Trace-AI offers a simple pricing model with the first five repositories free. As you scale, you can expect predictable per-repo pricing. The service includes live SBOMs with CycloneDX and SPDX, exploit-aware vulnerability checks, license tracking and alerts, and vendor monitoring.

Vibes

Trace-AI is built in the open, with a focus on transparency and community involvement. The platform publishes everything, including the model, policy as code, and configuration. Trace-AI is public from day one, with code, roadmap, and discussions living on GitHub. The community can fork, star, and contribute to the project, which is already adopted globally by startups across Czechia, Germany, the UK, and India.

Additional Information

Trace-AI supports all major ecosystems, including npm/yarn (JavaScript), pip (Python), Maven/Gradle (Java), Go modules, RubyGems, NuGet (.NET), Cargo (Rust), and more. The platform continuously adds support for new package managers and languages. Trace-AI maps SBOM data to ISO 27001, SOC 2, PCI-DSS, HIPAA, and GDPR requirements. The policy-as-code library includes pre-built compliance checks that you can fork and customize for your specific needs.
