Web accessibility (WCAG 2.2 / EN 301 549)
WCAG 2.2 AA accessibility for web & software — the conformance the EU Accessibility Act makes you self-declare.
Pick the regimes your repository answers to. Each runs on the same honest pattern: Watchdog evidences the automatable slice, gates what it caught failing, and a named human declares the rest. Every card shows the three-way split — tool-evidenced, evidence-assisted, and human attestation — before you enable a thing. For accessibility (WCAG 2.2 / EN 301 549) we push that as far as it honestly goes: static checks tool-evidence what they can, and for repos with the framework on, a sandboxed rendered-axe pass and LLM advisories add runtime/assisted evidence — so the human slice is the minimum the standard actually requires a person to judge.
Self-assess any framework on any plan. Signing & exporting the tamper-evident artifact is part of the compliance module. We measure; you declare. We never certify.
2 frameworks
WCAG 2.2 AA accessibility for web & software — the conformance the EU Accessibility Act makes you self-declare.
The full EU ICT accessibility standard — WCAG 2.1 AA for the web clause (per v3.2.1), plus the non-web ICT clauses you declare.
3 frameworks
Cyber risk-management measures for essential & important entities — the technical slice of Article 21(2).
Product cybersecurity for products with digital elements (EU CRA) — the repository-visible security properties are tool-evidenced; conformity is the manufacturer's.
A preparation/readiness tool for ISO/IEC 27001 Annex A:2022 — all 93 controls. Gather the technical evidence a scan produces toward certification; only the Technological theme (A.8) is tool-evidenced. Not a certificate.
1 framework
ICT operational-resilience for EU financial entities — five pillars plus the RTS technical measures. Opt-in.
1 framework
Tamper-resistant build & source integrity (SLSA v1.2) — provenance and source-control attestations across Build L1–L3 and Source L1–L4.
2 frameworks
Secure software development practices (NIST SP 800-218) — secure coding & vulnerability response are tool-evidenced; governance is attested.
Application-security verification (OWASP ASVS v5.0.0, full 345-requirement set) — injection, crypto, transport, config, dependencies & logging are tool-evidenced; the rest is verified by testing.
1 framework
The technical measures of GDPR Art. 32 & Art. 25 only (encryption, secrets, vulnerabilities, resilience) — not GDPR compliance.
Each framework is Automatic / On / Off per repository · the honesty model in depth · pricing