Software Scanning and Distribution

Vulnerability and Composition Analysis. B2B Software Distribution with Export Control.

SODIACS^® (Software Distribution Access Control System) is a B2B software scanning and distribution solution for software product teams and regulatory compliance teams. It enables any business that has a need to distribute software to another business to store, organize, and publish software, grant download permissions and be compliant with government export control laws and regulations. With additional software scanning capabilities, it also serves as a final compliance gate prior to software release for fulfilling regulatory obligations under emerging frameworks such as the EU Cyber Resilience Act (CRA). It can also serve as an independent validation layer for software development teams to reduce the risk of late-stage discovery of issues related to vulnerability, composition, and licensing.

Export control compliance
Software vulnerability and composition analysis
Role-based access control
Leveraging existing user credentials
User-friendly web portal and software publishing API
High availability and security
Competitive and flexible pricing

EXPORT CONTROL COMPLIANCE

Government mandated export control is a big challenge for software vendors that have international customers and partners, as well as their own overseas offices. Export control laws and regulations are complicated and the penalty for noncompliance could be very severe. SODIACS^® helps software vendors become and stay in compliance with software export control laws and regulations. SODIACS^® requires every software package to have export control classifications, and checks if an attempt to download a package should be blocked according to any applicable export control rules. As companies, people, and locations could be misidentified due to similar names, addresses, or other attributes, some download attempts could be blocked unnecessarily. SODIACS^® allows users on a software vendor’s trade compliance team to review blocked download attempts and override the blocks if the downloader or the destination is misidentified.

SOFTWARE VULNERABILITY AND COMPOSITION ANALYSIS

SODIACS^® integrates comprehensive software vulnerability and composition analysis into a single platform, enabling users to scan for vulnerabilities and generate compliance-ready artifacts such as SBOMs and software license disclosures. The platform identifies vulnerabilities across software components and hidden dependencies using authoritative sources, including the National Vulnerability Database (NVD), Open Source Vulnerabilities (OSV), GitHub Advisory Database (GAD), Red Hat, and Curl. SODIACS^® also produces Vulnerability Exploitability eXchange (VEX) reports as needed. AI-powered assistance further enhances analysis by providing clear CVE explanations, insights into vulnerability scope and severity, and actionable mitigation guidance.

ROLE-BASED ACCESS CONTROL

SODIACS^® supports role-based access control, enabling flexible user permission management via role assignments. SODIACS^®'s predefined roles are based on common essential responsibilities and needs in software distribution processes. Examples of roles in SODIACS^® include Vendor Admin, Product Manager, Account Manager, Software Publisher, Software Downloader, and Trade Compliance Specialist, etc. They can be assigned to software vendor employee, customer and partner users based on the tasks they would perform in the system.

LEVERAGING EXISTING USER CREDENTIALS

Many software vendors have existing user directories with employee, customer, and partner users’ credentials. SODIACS^® can integrate with such user directories over LDAP, OAuth2, or SAML. Once SODIACS^® is integrated with a software vendor’s user directory, the software vendor’s employees, customers, and partners can use their existing credentials to sign into SODIACS^®. SODIACS^® does not require any change to the existing user management policies already in place.

USER-FRIENDLY WEB PORTAL AND SOFTWARE PUBLISHING API

Both software vendors and their customers want an uncomplicated and easy-to-understand user interface in a software distribution system so that they can do what they need to do without too much distraction and thinking. SODIACS^® has a simple and intuitive user interface that does not require extensive user training. With SODIACS^®, both software vendor users and customer users can hit the ground running as soon as they gain access.

For software vendors who have an automated software build process, SODIACS^® can help extend such a process to include software publishing steps, such as uploading software packages, setting their publishing status, and granting download permission to certain customer users.

HIGH AVAILABILITY AND SECURITY

To a software vendor, it is very important for its customers and partners to be able to download the software they are entitled to when they need it. In addition, a software distribution platform must be able to prevent unauthorized access to the software it holds. SODIACS^® is hosted on a highly available and scalable infrastructure in a secure facility. Every aspect of the hosting environment of SODIACS^® is monitored 24x7. SODIACS^® is also hosted in a remote disaster recovery facility with real-time data replication from the primary facility.

COMPETITIVE AND FLEXIBLE PRICING

A software distribution system is a necessary tool for software vendors to serve their customers and should not impose an increasing financial burden when their business grows. We, being a software vendor ourselves, understand the frustration caused by ever increasing cost of software distribution when there are more and more software packages and customers. That is why, with any software vendor considering SODIACS^®, we try to understand their initial needs and their growth projection before getting to price discussion. We can customize our pricing structure for small, medium and large software vendors. Contact us to be compliant with export control laws and save on software distribution costs.