ThreatZ
Automotive TARA & SBOM Platform for OEMs & Tier-1 Suppliers

ThreatZ is an AI-powered automotive cybersecurity management system (CSMS) for Tier-1 suppliers, ECU manufacturers, and software providers. It unifies TARA, SBOM, vulnerabilities, and incidents in one platform for ISO/SAE 21434 and UNECE R155 compliance.

ISO/SAE 21434 Compliant
UNECE R155 Ready
4 Modules, 12 Capabilities
[ThreatZ Dashboard illustration: 12 TARA Projects; 847 Components Tracked; 98% Compliance Score; STRIDE Threat Analysis: 142 threats; SBOM Vulnerabilities: 7 critical; Risk Treatments: 89 resolved]
Core Capabilities

Purpose-Built for Tier-1 Cybersecurity Teams

Platform Highlights

  • Centralize TARA, SBOM, risk assessments and reports in a single automotive CSMS platform
  • Support multiple OEM CSMS portals and templates without re-doing work for every customer
  • AI assistant for automotive threat modeling to propose threats, attack paths and mitigations
  • Generate audit-ready ISO/SAE 21434 / UNECE R155 documentation with full traceability

Deployment Options

  • Private Cloud
  • Cloud SaaS
  • On-Premise

Licensing Tiers

  • Team — Unlimited users, Foundation + TARA, up to 3 projects
  • Professional — Min 5 users, all modules incl. SBOM & Testing, multiple OEM programs
  • Enterprise — 21+ users, all modules incl. Operations, on-premise/SaaS/private cloud
Four Modules, Twelve Capabilities

Everything You Need for Automotive Cybersecurity

ThreatZ unifies governance, threat analysis, supply chain security, and post-production operations into a single platform covering the complete ISO/SAE 21434 lifecycle.

Foundation Module

Cybersecurity Governance Backbone

Establish your organizational cybersecurity governance with a knowledge library of reusable building blocks, policy governance, and audit-ready compliance reporting for ISO/SAE 21434 and R155.

  • Security Catalog — knowledge library of reusable threats, risks, goals, controls, templates
  • Policy Manager — governance engine defining allowed/disallowed/mandatory practices
  • Reports & Compliance — audit engine with versioned ISO/SAE 21434 and R155 reports

TARA Module

Automotive Threat Analysis and Risk Assessment

The core of automotive cybersecurity engineering. Capture architectures and assets, run guided threat modeling for damage scenarios, threat scenarios and attack paths, and assess risks with ISO/SAE 21434-aligned scoring.

  • System Modelling — capture architectures, assets, interfaces, and CALs
  • Threat Modelling — guided approach for damage scenarios, threat scenarios, attack paths
  • Risk Assessment — ISO/SAE 21434-aligned scoring engine for prioritizing risks
  • Risk Treatment — mitigation framework for goals, controls, and treatments

Learn more about automotive TARA automation or see how AI accelerates threat analysis. Need expert help? Explore our automotive cybersecurity consulting services.

BOM & Supply Chain Module

SBOM and Vulnerability Management

Full visibility into your software supply chain. Track software components, suppliers, licenses, and vulnerabilities with automated monitoring across your entire vehicle platform.

  • SBOM Management — import, manage and monitor software bills of materials
  • Vulnerability Tracking — continuous monitoring from multiple vulnerability feeds
  • Licenses & Supplier Tracking — license compliance and supplier risk management

Dive deeper into automotive SBOM management including CycloneDX vs SPDX, CVE monitoring, and supplier portal capabilities.

Operations Module

Monitoring, Incidents and Continuous Cybersecurity

Manage the post-production cybersecurity lifecycle. Track incidents, correlate findings to risks and assets, and run validation campaigns through their full lifecycle.

  • Incidents & Security Events — incident lifecycle management with correlation to threats and assets
  • Threat Intelligence — feed ingestion, tracking and threat correlation
  • Validation & Testing — security testing campaigns with test bench agent, integrates with your existing test infrastructure
  • Works with Vector CANoe (CAPL + Python)

For real-time fleet monitoring and in-vehicle detection, see SentraX XDR.

Integration Ecosystem

Connects to Your Engineering Workflow

ThreatZ integrates with the tools your engineering teams already use, from system modeling and requirements management to test benches and issue tracking.

Architecture & Modeling

Sparx Enterprise Architect

Import XMI models and system architectures

MathWorks MATLAB

Import system architectures from System Composer

Cameo Systems Modeler

Import XMI system models from MagicDraw / Cameo

IBM Rhapsody

Import XMI system and software architecture models

SAST & Code Analysis

Semgrep

CodeQL

SonarQube

Cppcheck

Clang SA

SCA & Dependency Scanning

Black Duck

Snyk

JFrog Xray

FOSSA

Mend

Binary & Deep Analysis

CodeSonar

Klocwork

Astrée

SBOM Platforms

Dependency-Track

GUAC

DevOps, Testing & Data

Atlassian Jira

Bi-directional sync for security tasks and tickets

GitHub

Repository scanning and CI/CD pipeline integration

Vector CANoe

CAN bus security test execution (CAPL + Python)

Microsoft Excel

Import/export data via Excel spreadsheets

Vulnerability Feeds

NVD, CNVD, OSV, GitHub Security Advisories
Standards & Formats

Speaks Your Industry Language

ThreatZ supports the SBOM formats, export standards, and data interchange protocols used across the automotive cybersecurity ecosystem.

SBOM Formats

Import and export software bills of materials in all major industry-standard formats.

CycloneDX, SPDX v2.3, SPDX v3

Export Formats

Export your data in the formats your stakeholders need — from human-readable reports to machine-readable interchange standards.

PDF, CSV, ReqIF, SARIF 2.1.0, OpenXSAM
Compliance-First

Built for the World's Most Demanding Standards

ThreatZ maps your cybersecurity activities to the specific clauses and controls required by each standard. Generate audit-ready evidence packages with a single click.

ISO/SAE 21434

Full TARA lifecycle and cybersecurity engineering process management per clause requirements.

UNECE R155

Type approval evidence and CSMS process documentation for WP.29 compliance.

GB 44495

China's national vehicle cybersecurity standard compliance and reporting.

NIST & ISO 27001

Map controls and evidence to NIST CSF and ISO 27001 information security frameworks.

AI-Powered

Accelerate with AI Assistance

Damage Mitigation Recommendations

AI-driven countermeasures based on Auto-ISAC guidance and proven patterns. Get actionable mitigation suggestions for identified threats and risks.

Interactive Security Chatbot

Ask natural language questions about your project context, compliance status, and cybersecurity posture. Get instant, context-aware answers.

12 Integrated Modules
23 Integration Partners
4 Vulnerability Feeds
3 Deployment Options
What Our Customers Say

Trusted by Automotive Security Leaders

“ThreatZ transformed our CSMS from a checkbox exercise into a competitive advantage. The cross-platform intelligence alone paid for the entire deployment.”

Head of Cybersecurity Engineering
European Premium OEM — 12 Vehicle Platforms

“Before ThreatZ, a single CVE disclosure could take two weeks to assess across our ECU portfolio. Now we have impact analysis in under four hours.”

Director of Software Engineering
Global Tier-1 Supplier — 200+ ECU Variants

“ThreatZ eliminated the duplication and gave us confidence that both documentation sets were consistent and complete. We achieved European type approval months ahead of schedule.”

VP Cybersecurity
Chinese EV Manufacturer — Dual GB 44495 + R155
Frequently Asked Questions

Everything you need to know about ThreatZ, from capabilities and compliance to deployment and integrations.

What is ThreatZ?

ThreatZ is an AI-powered automotive cybersecurity platform that provides end-to-end CSMS (Cybersecurity Management System) capabilities for OEMs and Tier-1 suppliers. It covers TARA analysis, SBOM management, vulnerability tracking, compliance reporting, and security operations, all unified in a single platform with a knowledge graph backbone.

How does ThreatZ automate TARA analysis?

ThreatZ uses AI to automatically identify assets, generate threat scenarios using STRIDE methodology, assess attack feasibility, calculate risk levels per ISO/SAE 21434, and suggest risk treatment options. What traditionally takes weeks of manual effort can be completed in hours, with full traceability from assets to cybersecurity goals.

Which compliance standards does ThreatZ support?

ThreatZ supports ISO/SAE 21434, UNECE R155 (WP.29), GB 44495 (China), NIST Cybersecurity Framework, and ISO 27001 mappings. The platform generates standard-specific work products, evidence packages for type approval, and audit-ready reports. Enterprise plans also support STIX and AUTOSAR export formats.

How does the SBOM management module work?

The SBOM module provides a complete software bill of materials lifecycle, from ingestion of CycloneDX and SPDX formats, through continuous vulnerability monitoring against NVD, CNVD, and OSV databases, to automated risk scoring with CVSS and EPSS metrics. It tracks components across ECU variants and generates VEX (Vulnerability Exploitability Exchange) documents for supply chain communication.

Can ThreatZ integrate with our existing tools?

Yes. ThreatZ provides REST API access, webhooks, and native integrations with Jira, Azure DevOps, and common ALM tools. It supports OpenXSAM and STIX export formats for interoperability with other security tools. SSO via SAML 2.0 and OpenID Connect is available on Professional and Enterprise plans.

What is the knowledge graph and why does it matter?

ThreatZ's knowledge graph is a connected data model that links every entity in your cybersecurity program, from vehicle architectures and ECU components to threat scenarios, vulnerabilities, and compliance evidence. This enables powerful traceability queries (e.g., “show all threats affecting components with known CVEs”) and ensures no gaps in your security analysis.

Is ThreatZ suitable for Tier-1 suppliers?

Absolutely. ThreatZ was designed specifically for the needs of Tier-1 and Tier-2 suppliers who must demonstrate ISO/SAE 21434 compliance to multiple OEMs simultaneously. The multi-project architecture lets suppliers manage separate TARA analyses per OEM program while sharing common component libraries and threat intelligence across projects.

How is ThreatZ deployed?

ThreatZ is available as a cloud-hosted SaaS platform (hosted in EU data centers) or as an on-premise deployment for Enterprise customers. On-premise options include dedicated infrastructure, air-gapped environment support, and custom data residency to meet automotive industry security requirements.

Ready to Transform Your TARA Workflow?

Start Managing Automotive Cybersecurity the Right Way.

Get your team up and running with ThreatZ in days, not months. Full ISO/SAE 21434 lifecycle coverage from day one. Learn more about ISO/SAE 21434 compliance requirements. Need expert help? Explore our engineering services.
