Madrid, Spain — SCANOSS is partnering with Codelab, a specialist in embedded software engineering and cybersecurity, to help organisations in the DACH region, Poland and Sweden build audit-ready, CRA-compliant development pipelines.
With more than 20 years of experience in embedded systems and automotive software, Codelab supports organisations in building secure, compliant development environments. The partnership positions SCANOSS as a data layer within Codelab’s CRA Secure Pipeline, a solution designed to operationalise CRA requirements across the software lifecycle.
The CRA introduces clear obligations for manufacturers and software providers, including the need to maintain accurate software inventories, demonstrate control over third-party components, and address vulnerabilities throughout the product lifecycle. For organisations working with embedded systems, these requirements are particularly complex due to long product lifecycles, limited visibility into legacy code, and extensive use of third-party components.
Codelab’s CRA Secure Pipeline brings together established DevSecOps tools such as GitLab and SonarQube with SCANOSS data, enabling continuous analysis of source code as part of the development workflow. Through this integration, organisations can identify open source components, detect licence obligations, and gain visibility into cryptographic implementations directly at the code level.
This level of visibility supports key CRA requirements, including the creation and maintenance of Software Bills of Materials (SBOMs), as well as the emerging need for more detailed cryptographic inventories. By surfacing encryption algorithms in use, SCANOSS data enables organisations to move towards Cryptography Bills of Materials (CBOMs), an increasingly relevant capability as regulatory and post-quantum considerations evolve.
“Codelab’s CRA Secure Pipeline is exactly the kind of integrated, workflow-level approach that SCANOSS is built to sit inside. Their customers in the DACH region are dealing with real CRA pressure across automotive and industrial product lines, and they need software transparency that’s continuous and auditable — not a one-off scan. We’re glad to be part of that solution.”
Charles Facey, Partner Sales Manager, SCANOSS
“Codelab customers need more than a one‑off SBOM scan – they need continuous, auditable visibility into what actually goes into their code. By embedding SCANOSS as the open source and cryptography data layer inside our CRA Secure Pipeline, development teams can automatically identify OSS components, understand license obligations and build both SBOM and emerging CBOM artifacts directly from their GitLab workflows. This makes it much easier for embedded and automotive manufacturers to operationalise CRA requirements without redesigning their entire toolchain.”
Sławomir Kukurenda, Solution Manager, Codelab
Codelab’s approach combines process, tooling, and regulatory expertise, while SCANOSS provides the underlying data needed to understand open source usage and cryptographic exposure. For DACH-region customers, Codelab delivers local-language enablement, first-line support, and deep implementation expertise across embedded and automotive environments.
About SCANOSS
SCANOSS provides deep visibility into the software supply chain, powered by the SCANOSS KB, to help organisations detect undeclared open source. SCANOSS is designed to integrate into existing developer and DevSecOps workflows, making software transparency part of everyday engineering practice.
About Codelab
Codelab is a European specialist in embedded software engineering and EU Cyber Resilience Act implementation. With more than 20 years of experience, it supports automotive OEMs, Tier 1 suppliers and industrial manufacturers in building secure, compliant and audit-ready software environments. Codelab is ISO 27001/9001 certified and has successfully completed a TISAX assessment, focusing on practical, engineering‑driven solutions for embedded, automotive and industrial markets.
For more information about the CRA Secure Pipeline: https://lp.Codelab.eu/cra-pipeline


