Blogartikel_kotlin-csaf_Christian_Banse

Faster detection and rectification of security vulnerabilities in software with CSAF

The Common Security Advisory Framework (CSAF) is a machine-readable format for security notices and plays a crucial role in implementing the security requirements of the Cyber Resilience Act (CRA): Security vulnerabilities can be detected and rectified faster by automatically creating and sharing security information. Fraunhofer AISEC has now published the software library »kotlin-csaf«, which implements the CSAF standard in the Kotlin programming language.

What is »kotlin-csaf«?

 

»kotlin-csaf« is an initial version of a software library that allows developers to process security information in the standardized CSAF format. This makes it easier to manage and validate security alerts and recommendations, which ultimately helps to make software more secure. The CSAF standard plays a critical role in cybersecurity by providing automated information to find and eliminate security vulnerabilities.

 

Integration with Dependency-Track: automated security checks, faster responses and more efficient compliance

The next step for Fraunhofer AISEC is to integrate »kotlin-csaf« into the Dependency-Track tool. Dependency-Track is a tool that reviews programs and their dependencies for security vulnerabilities. With the future integration of »kotlin-csaf« into Dependency-Track, companies will be able to

  • carry out automated security checks by processing security alerts and recommendations in a standardized format,

  • ensure faster responses to security incidents, as security information can be automatically created and consumed,

  • achieve more efficient compliance, as the Dependency-Track tool will then be more capable of meeting the requirements of the Cyber Resilience Act and the NIS 2 Directive.

Get involved: your feedback matters

»kotlin-csaf« is still in the early stages of development. Fraunhofer AISEC is continuously working to improve and expand the library. Therefore, we are looking for partners who are interested in working with us. Your input and feedback are crucial to making »kotlin-csaf« an even better cybersecurity tool.

»kotlin-csaf« library on GitHub: https://github.com/csaf-sbom/kotlin-csaf 

Author
Banse_Christian_Fraunhofer_AISEC
Christian Banse

Christian Banse holds a Master of Science in Business Information Systems with a focus on IT security from the University of Regensburg. He has been an employee at Fraunhofer AISEC since 2011. He was responsible for setting up a new type of network and cloud security laboratory, which he is now managing. This laboratory investigates research questions related to networks and IP-based communication. A particular focus is on research into methods for the automated and continuous certification of the IT security of cloud and container applications. Since mid-2018, Christian Banse has also been head of the Service and Application Security department.

Most Popular

Never want to miss a post?

Please submit your e-mail address to be notified about new blog posts.
 
Bitte füllen Sie das Pflichtfeld aus.
Bitte füllen Sie das Pflichtfeld aus.
Bitte füllen Sie das Pflichtfeld aus.

* Mandatory

* Mandatory

By filling out the form you accept our privacy policy.
Twitter Linkedin Youtube Xing

Leave a Reply

Your email address will not be published. Required fields are marked *

Other Articles

From Early Warning Signs to the Workbench: the PQC Update 2026 Shows that the Post-Quantum Era Has Begun

Fraunhofer AISEC 8. May 2026

As we kicked off the PQC Update 2026, one question hung in the air: Is post-quantum cryptography still a distant dream – or has it long since become part of everyday life for government agencies, industry, and standards bodies? The answers from our speakers were surprisingly concrete: Dutch guidelines, German ID cards with PQC, new security chips, updated internet standards, roadmaps for critical infrastructure, and tools that can already reveal your legacy cryptographic vulnerabilities today. If you just want to know whether you need to take action now: Yes. If you want to know how, read on.

Read More »

Hardware Security in a Networked World | Threat Scenarios, Protection Against Manipulation and the Role of Trust Anchors

Tanja Sadler 28. April 2026

How can we trust the hardware that forms the backbone of our connected world? In this interview, Dr. Matthias Hiller, head of the Hardware Security department at Fraunhofer AISEC, explains how trust anchors, secure chiplets, and advanced protection mechanisms help safeguard IT systems against tampering, and why hardware security is becoming a strategic factor for Europe in the age of quantum-based threats.

Read More »

Secure System-On-Chip: Protecting Operating Systems and Hardware

Michael Weiß 12. March 2026

How can we trust chips and operating systems that power IoT, industry and the cloud? In this interview, Fraunhofer AISEC cybersecurity researcher Dr. Michael Weiß explains how GyroidOS, secure system-on-chip and open standards like RISC-V create verifiable, tamper-resistant platforms for tomorrow’s critical infrastructure.

Read More »