CIRCL - Request for Proposals for Software Services and Engineering (2025-04)
The scope of the RfP is the supply and delivery of Software Services and Engineering to CIRCL within a scope of internal software. The candidate supplier must submit an offer for a single package. The candidate supplier can select the package for which he wishes to bid. The RfP falls into the category of “MARCHÉS PUBLICS DE FAIBLE ENVERGURE”.
Package 01 - Lookyloo, Lacus development and maintenance
- Lookyloo is an open source project composed of a web interface and a back-end which allows users to capture a website page and then display a tree of domains that call each other;
- Lacus is an open source project for crawling;
- The supplier must handle the development of the Lookyloo project, Lacus and related toolsets used for web crawling in close collaboration with the CIRCL team;
- The supplier must handle issue tracking and resolution including specific and custom developments requested by CIRCL;
- The supplier must maintain the code including the review and merge of pull-requests from third parties;
- The supplier must evaluate and contribute to the evolution of the Lookyloo project and Lacus with CIRCL;
- The supplier must maintain the associated documentation to keep it in line with the Lookyloo online services;
- The community management of the Lookyloo project and Pandora framework will be handled by the supplier along with CIRCL;
- The supplier will work with CIRCL to test and maintain production systems accessible to users;
- The supplier will work with CIRCL to integrate with the incident process and toolset at CIRCL including urlabuse;
- The supplier must be in line with open source development methodologies defined by CIRCL and the Lookyloo and Lacus community;
Package 02 - vulnerability-lookup project improvement, MISP/CTI integration in the focus of the NIS2 CVD support
- The supplier must handle the development of PyMISP and related toolsets in close collaboration with the CIRCL team;
- PyMISP and integration with existing and upcoming CIRCL tools;
- Pandora framework is an open source project and an analysis framework to discover if a file is suspicious and conveniently show the results;
- The supplier must handle the development of the vulnerability-lookup project in close collaboration with the CIRCL team.
- The supplier must manage issue tracking and resolution, including specific and custom developments requested by CIRCL.
- The supplier must maintain the code, including reviewing and merging pull requests from third parties.
- The supplier must keep the associated documentation up to date and in line with the vulnerability-lookup project.
- The community management of the vulnerability-lookup framework will be handled by the supplier in collaboration with CIRCL.
- The supplier will work with CIRCL to test and maintain production systems accessible to users.
- The supplier must adhere to the open-source development methodologies defined by CIRCL and the vulnerability-lookup community.
- Requests and updates for vulnerability-lookup must be followed up via GitHub issues.
Bid submission
The offers are to be submitted to info@circl.lu before the 20th December 2025 12:00 CEST in ASCII or PDF format. The offer proposal must be separated per package. A bidder can submit for one or more packages. The offer must be in EURO. The offer must at least include a description of the package proposed, technical details and clearly mention Proposal for Software Services and Engineering (2025-04).
Selection criteria
- (1) Compliance with specifications;
- (2) Pricing;
- (3) Past performance of the bidder concerning technical capabilities and experience with the listed tools;
- (4) Understanding of Open Source methodologies including collaboration and community management;
- (5) Compliance with existing open source licensing;
Delivery location
The offers must include the delivery to the following addresses located in Luxembourg or via remote services for software engineering services:
CIRCL - Computer Incident Response Center Luxembourg
c/o "Luxembourg House of Cybersecurity" g.i.e.
122, rue Adolphe Fischer
L-1521 Luxembourg
Grand-Duchy of Luxembourg
Classification of this document
TLP:CLEAR information may be distributed without restriction, subject to copyright controls.
Revision
- Version 1.0 December 4th 2025 - Initial version TLP:CLEAR.