Join waitlist

About crawin

crawin is the SBOM and EU Cyber Resilience Act compliance product from AWARE GmbH, an Austrian software studio in Vienna. We build crawin because the CRA's deadlines are real, the fines are real, and the existing SBOM tools were not built for the compliance officer who has to file the paperwork.

Why we're building this

The CRA (Regulation EU 2024/2847) makes SBOMs and 24-hour vulnerability notifications mandatory for every manufacturer placing a digital product on the EU market. The first hard deadline is September 11, 2026. The full deadline is December 11, 2027.

The category leaders today (Snyk, Black Duck, Anchore, FOSSA) are priced for large security teams and built for developers. The SME manufacturer with five products and one part-time compliance lead has been left to figure it out alone. crawin is for them: compliance-officer-first, EU-priced, runs on the CI you already have.

The company behind crawin

Company
AWARE GmbH
Registered office
Weimarer Straße 104/7
Ecke Peter-Jordan-Straße 21/7
1190 Wien, Austria
Managing director
Alexander-Kai Orlowski
Commercial register
FN 357830 x · Handelsgericht Wien
VAT ID
ATU66198624
Chamber
Wirtschaftskammer Wien — Fachgruppe UBIT
Supervisory authority
Magistratisches Bezirksamt für den 19. Bezirk, Wien
Parent site
aware.vision

Full Austrian impressum and legal disclosures live at aware.vision/impressum.

Want a heads-up when crawin opens?

We open access in waves, starting with EU manufacturers on the September 2026 ENISA deadline. Drop your email below and we email you when your wave opens.

One email when your wave opens. No newsletter, no drip. Unsubscribe is one click. We do not share with third parties. Read our privacy notice.