Operationalize Trust

Documentation for CycloneDX Assessors Studio, the open source platform that turns compliance checklists into verifiable attestations.

Assessors Studio was built for three organizational audiences. Every feature supports at least one of them, and most organizations find they are more than one at the same time.

Self-assessors

Organizations that want to assess themselves and measure their security and compliance maturity over time. Internal security, compliance, and privacy teams. Start with Your first assessment.

Third-party assessors

Organizations and individuals that perform assessments on behalf of others. Auditors, qualified assessors, vendor risk teams, and consultants whose deliverable is a signed attestation. Start with Assessments.

Supply chain consumers

Consumers who want machine-verifiable attestations from their vendors rather than static PDFs. Buyers who evaluate many suppliers and want to automate the repetitive parts. Start with Who it is for.

Assessors Studio is an open source platform, sponsored by OWASP, that operationalizes the CycloneDX Attestations standard. It gives producers, assessors, and regulators a shared workspace for planning an assessment, collecting the evidence that proves or disproves each claim, and exchanging the result as a machine-verifiable attestation.

The documentation you are reading is organized around real tasks. Start with the Introduction for background on the standard and the platform, then jump into the section that matches your job.

CycloneDX Attestations

A plain-English introduction to the standard that powers the platform. Read more.

Your first assessment

A 20-minute walkthrough that takes you from an empty install to a signed attestation. Start the walkthrough.

Environment variables

Every setting Assessors Studio supports, with defaults and guidance for production. Browse the reference.

Troubleshooting

Common issues, how to diagnose them, and how to fix them. Open the runbook.