Crafting Compliance for Your Software Supply Chain
I help product teams generate accurate Software Bills of Materials and demonstrate compliance with EU regulations — so you can focus on building, not paperwork.
Your dependency tree runs deeper than you think
The compliance clock is ticking
The EU Cyber Resilience Act requires software manufacturers to produce Software Bills of Materials by December 2027. DORA already mandates supply chain visibility for financial services.
Most teams know they need to act. But the tooling is immature, the requirements are ambiguous, and internal expertise is stretched thin.
You need a partner who understands both the technical implementation and the regulatory requirements — and can bridge the gap.
From chaos to clarity
How I Can Help
I integrate SBOM generation into your build pipeline using tools like CycloneDX and SPDX. You get accurate, reproducible dependency manifests for every release — not a one-off export that's outdated by next sprint.
I assess your current state against regulatory requirements, identify gaps, and create a practical roadmap. You'll know exactly what needs attention and in what order.
Auditors want evidence. I help you produce the technical documentation that demonstrates your supply chain controls — in language that satisfies both regulators and your legal team.
Crafting My Approach
I'm David, a staff software engineer with 25 years of experience in release engineering, build systems, and infrastructure. I specialise in Nix-based reproducible builds — which produce the most precise dependency graphs in the industry.
Based in Ireland, I work in EU time zones and understand both the technical depth and the regulatory context. This isn't a large consultancy that will staff your project with juniors. You work directly with me.
Make Time Certify is part of the Make Time family — a small portfolio of businesses built on craftsmanship and genuine partnership.
Let's Connect
If you're facing a compliance deadline — or just want to get ahead of one — I offer a free 30-minute discovery call to understand your situation and see if I can help.