For SMEs, clarity and actionable output are the most important signals. Having a simple CLI that emits SARIF/JUnit for automated pipelines is great, but adding a minimal “human readable summary” with clear pass/fail thresholds and context for compliance checks can make a huge difference in adoption. Curious if you’ve considered automated mapping of dependencies to NIS2/DORA clauses, or if you leave that for post-scan review.