Skip to content
VAST PLATFORM

Product cyber
knowledge,
made actionable

VAST centralises version tracking, component visibility, interconnection understanding and risk-driven decision-making — in a single tool.

Request a demo Discuss a use case
7 modules
Key features
360°
Product visibility
CRA+
Built-in compliance
app.vast-security.com
VAST Dashboard
VEX generated ✓
CRA compliant · 2026
Architecture

Three layers,
one coherent vision

From technical inventory to compliance evidence, VAST structures product cyber knowledge in three complementary layers.

01 / COLLECT

Assets & Components

Complete product inventory — components, versions, dependencies, suppliers. A single reference shared across teams.

LIVING ASSET
02 / ANALYZE

Risks & Interconnections

Mapping of links between assets, contextual CVE correlation, threat analysis and prioritisation guided by real risk.

RISK ENGINE
03 / DELIVER

Evidence & Reports

Generation of versioned reports, VEX, client audits. Controlled sharing without exposing sensitive details de conception.

REPORTING
Features

What VAST does,
concretely

Seven interconnected modules to cover the full lifecycle of your product cybersecurity.

Living asset: a complete product view

Each product is represented with a clear identity, a history and a context. A single reliable reference, shared across all teams.

Product identityHistoryMulti-team

Versioning & product evolution

Track the evolution of each product across HW and SW versions. Identify what changes between V1 and V2, keep a usable history for audit and maintenance.

HW + SWVersion diffAudit ready

Vulnerabilities: real impact per asset

CVEs are not processed by volume. VAST analyses them with a product-oriented logic: which assets and versions are affected, what is their real exposure level, and what priority to assign based on the risk analysis.

CVE correlationContextual prioritisationPer version

Interconnection mapping

Interconnect assets within a project — including supplier assets — to reconstruct a macro view of the system and visually spot interconnection flaws.

System graphSafe/risky protocolsVisual vulnerabilities

Alerts & project rules

Configure targeted alerts: new vulnerabilities, sensitive components, unwanted libraries, risky licences. Monitor what matters most.

Custom rulesLicencesSensitive components

Controlled sharing with clients

Share useful information — compliance, impact, decisions — without exposing sensitive design details ou d'architecture. La transparence sans divulgation.

Controlled sharingIP protectedClient evidence

Risk-driven cyber governance: the guiding thread

VAST structures a complete risk-driven approach: threats, scenarios, assessment, decisions and tracking. CVEs are correlated to the scenarios they reinforce.

Threats → ScenariosTraceable decisionsCRA compliantResidual risk
Risk engine

CVE → Decision,
in product context

When a critical vulnerability is published, the question is not "how many CVEs" but: which products, which versions, what real impact.

FR EN