Cette%20startup%20d%27Etat%20est%20sponsoris%C3%A9e%20par%20la%20Direction%20G%C3%A9n%C3%A9rale%20de%20l%27alimentation%20au%20minist%C3%A8re%20de%20l%27agriculture.%0ALa%20startup%20est%20%C3%A9galement%20laur%C3%A9ate%20du%20guichet%20FTAP%20%22valorisation%20et%20exploitation%22%20des%20donn%C3%A9es%2C%20fonds%20port%C3%A9%20par%20la%20DINUM%20et%20ETALAB.%20Ce%20co-financement%20permet%20%C3%A0%20la%20startup%20d%27entamer%20le%20chantier%20de%20fiabilisation%20de%20la%20base%20de%20donn%C3%A9es%20substances%20gr%C3%A2ce%20%C3%A0%20des%20logiques%20de%20NLP%20et%20branchement%20de%20sources%20de%20donn%C3%A9es%20externes%20%28ANSES%2C%20avis%20EFSA%2C%20catalogue%20novel%20food...%29.%0A%0ALe%20r%C3%A9cent%20comit%C3%A9%20d%27investissement%20s%27est%20tenu%20en%20avril%202024%20et%20a%20arbitrer%20le%20continuum%20d%27une%20construction%20de%20solution%20num%C3%A9rique%20qui%20remplacera%20et%20am%C3%A9liorera%20un%20outil%20existant%2C%20transf%C3%A9r%C3%A9%20par%20la%20DGCCRF%20%C3%A0%20la%20DGAl.%20%0A%0A%23%23%20Notre%20mission%20%3A%20%0A%0APermettre%20une%20circulation%20de%20compl%C3%A9ments%20alimentaires%20conformes%20%C3%A0%20la%20r%C3%A9glementation%2C%20s%C3%BBrs%20en%20termes%20de%20sant%C3%A9%20publique%20et%20adapt%C3%A9s%20aux%20besoins%20physiologiques%20des%20consommateurs%0A%0A%23%23%20Quelques%20chiffres%20%3A%20%0A%0A%2A%20plus%20de%202%2C4%20Md%20d%E2%80%99euros%20en%202022%0A%3A%20La%20valeur%20du%20march%C3%A9%20avec%20une%20demande%20et%20une%20offre%20en%20constante%20croissance%0A%0A%2A%201600%20dossiers%20d%C3%A9pos%C3%A9s%20%C3%A0%20la%20DGAl%20par%20mois%20par%20les%20professionnels%0A%3A%20Tous%20les%20mois%2C%20le%20nombre%20de%20produits%20d%C3%A9clar%C3%A9s%20ou%20soumis%20%C3%A0%20la%20demande%20d%27autorisation%20de%20l%27administration%20via%20la%20plateforme%20teleicare%2C%20outil%20actuel%20pour%20d%C3%A9poser%20un%20dossier.%20Outil%20obsol%C3%A8te%20et%20ne%20r%C3%A9pondant%20que%20partiellement%20aux%20besoins%20des%203%20instructrices%20des%20dossiers.%0A%2A%20des%20compl%C3%A9ments%20alimentaires%20sont%20en%20vente%20sans%20pour%20autant%20%C3%AAtre%20connus%20de%20l%E2%80%99administration%20%28une%20enqu%C3%AAte-myst%C3%A8re%20a%20relev%C3%A9%20un%20nombre%20cons%C3%A9quent%20de%20produits%20non%20d%C3%A9clar%C3%A9s%20sur%2030%20produits%20choisis%20au%20hasard%20en%20GMS%2C%20pharmacies%2C%20internet%20-%20%C3%A9chantillon%20non%20statistique%29%20car%20non%20d%C3%A9clar%C3%A9s%20par%20les%20professionnels%20et%20pourtant%20disponibles%20dans%20les%20canaux%20de%20distribution%0A%0A%23%23%20Le%20probl%C3%A8me%20%3A%20%0A%0ALes%20compl%C3%A9ments%20alimentaires%20sont%20des%20denr%C3%A9es%20alimentaires%20dont%20le%20but%20est%20de%20compl%C3%A9ter%20un%20r%C3%A9gime%20alimentaire%20normal.%20C%27est%20aujourd%27hui%20un%20march%C3%A9%20de%20plus%20de%202%2C4%20Md%20d%27euros%20en%202022%20qui%20concernent%20des%20canaux%20de%20distribution%20vari%C3%A9s%20%3A%20les%20pharmacies%20%2850%25%29%2C%20la%20grande%20distribution%20%2816%25%29%2C%20le%20e-commerce%20%288%25%29.%20%0ALeur%20consommation%20conna%C3%AEt%20une%20croissance%20marqu%C3%A9e%20en%20France%2C%20o%C3%B9%20environ%2020%25%20des%20adultes%20int%C3%A8grent%20ces%20produits%20dans%20leur%20quotidien%3B%20croissance%20suscitant%20des%20r%C3%A9flexions%20quant%20%C3%A0%20ses%20implications%20pour%20la%20sant%C3%A9%20publique%20et%20la%20r%C3%A9glementation.%0A%0ACompte%20tenu%20de%20leurs%20caract%C3%A9ristiques%2C%20les%20compl%C3%A9ments%20alimentaires%20ne%20sont%20pas%20des%20produits%20anodins.%20Ils%20peuvent%20pr%C3%A9senter%20des%20risques%20pour%20la%20sant%C3%A9%20en%20cas%20de%20m%C3%A9susage.%20Il%20convient%20donc%20de%20bien%20respecter%20les%20conseils%20d%E2%80%99utilisation%20%28doses%20journali%C3%A8res%2C%20personnes%20concern%C3%A9es%2C%20etc.%29.%20Il%20est%20%C3%A9galement%20conseill%C3%A9%20de%20porter%20la%20plus%20grande%20attention%20aux%20cumuls%20de%20consommation%20%28par%20exemple%2C%20lorsque%20plusieurs%20compl%C3%A9ments%20alimentaires%20sont%20consomm%C3%A9s%20de%20mani%C3%A8re%20concomitante%29%20et%20aux%20interactions%20potentielles%20avec%20d%E2%80%99autres%20produits%20%28m%C3%A9dicaments%29.%0A%0AUne%20diff%C3%A9rence%20majeure%20entre%20les%20compl%C3%A9ments%20alimentaires%20et%20les%20m%C3%A9dicaments%20r%C3%A9side%20dans%20le%20processus%20de%20r%C3%A9gulation.%20Alors%20que%20les%20m%C3%A9dicaments%20sont%20soumis%20%C3%A0%20une%20proc%C3%A9dure%20stricte%20d%27AMM%20%28Autorisation%20de%20Mise%20sur%20le%20March%C3%A9%29%2C%20les%20compl%C3%A9ments%20alimentaires%20%C3%A9chappent%20%C3%A0%20des%20contraintes%20similaires.%20En%20effet%2C%20d%C3%A8s%20lors%20qu%27un%20produit%20contient%20des%20ingr%C3%A9dients%20autoris%C3%A9s%2C%20il%20peut%20%C3%AAtre%20mis%20en%20vente%20sans%20proc%C3%A9dure%20d%27AMM.%20M%C3%AAme%20si%20un%20ingr%C3%A9dient%20n%27est%20ni%20autoris%C3%A9%20ni%20interdit%20mais%20est%20d%C3%A9j%C3%A0%20commercialis%C3%A9%20dans%20l%27Union%20Europ%C3%A9enne%2C%20une%20simple%20d%C3%A9claration%20%C3%A0%20la%20DGAl%20suffit%2C%20ce%20qui%20soul%C3%A8ve%20des%20pr%C3%A9occupations%20sur%20la%20vigilance%20de%20cette%20r%C3%A9glementation.%0A%0ADistinguer%20ce%20qui%20est%20autoris%C3%A9%20de%20ce%20qui%20ne%20l%27est%20pas%20dans%20le%20domaine%20des%20compl%C3%A9ments%20alimentaires%20demeure%20ardu.%20Les%20sources%20d%27information%20sont%20dispers%C3%A9es%2C%20et%20le%20grand%20public%20peine%20%C3%A0%20trouver%20des%20informations%20fiables.%20Les%20industriels%2C%20pour%20leur%20part%2C%20doivent%20naviguer%20au%20sein%20d%27un%20labyrinthe%20r%C3%A9glementaire%2C%20souvent%20en%20recourant%20%C3%A0%20des%20services%20%22affaires%20r%C3%A9glementaires%22%20complexes%20pour%20s%27assurer%20de%20la%20conformit%C3%A9%20de%20leurs%20produits.%0A%0A%0A%23%23%20Hypoth%C3%A8ses%20de%20solution%20%3A%20%0A%0AUne%20des%20principales%20difficult%C3%A9s%20du%20cadre%20applicable%20au%20secteur%20des%20compl%C3%A9ments%20alimentaires%20est%20la%20multitude%20des%20sources%20pour%20identifier%20si%20une%20substance%20est%20ou%20non%20autoris%C3%A9e%20et%20sous%20quelles%20conditions.%20Les%20listes%20et%20ressources%20jalonnent%20le%20paysage%20r%C3%A9glementaire%2C%20incluant%20divers%20arr%C3%AAt%C3%A9s%20qui%20%C3%A9num%C3%A8rent%20les%20nutriments%2C%20plantes%20et%20substances%20utilisables%2C%20les%20avis%20de%20l%E2%80%99Anses%20et%20de%20l%E2%80%99Efsa%20ainsi%20que%20des%20textes%20l%C3%A9gislatifs%20europ%C3%A9ens%20qui%20autorisent%20certaines%20substances%20dans%20les%20compl%C3%A9ments%20alimentaires%20%28voire%20des%20textes%20l%C3%A9gislatifs%20d%E2%80%99autres%20Etats%20membres%20qui%20vont%20permettre%20l%E2%80%99application%20du%20principe%20de%20reconnaissance%20mutuelle%29.%20Cette%20complexit%C3%A9%20ajoute%20une%20couche%20d%E2%80%99ambigu%C3%AFt%C3%A9%20pour%20les%20consommateurs%20et%20les%20industriels.%0AL%E2%80%99objectif%20sous-jacent%20est%20de%20garantir%20un%20niveau%20%C3%A9lev%C3%A9%20de%20protection%20au%20consommateur%2C%20en%20lui%20fournissant%20des%20compl%C3%A9ments%20alimentaires%20qui%20r%C3%A9pondent%20aux%20exigences%20nationales.%0A%0ALes%20trois%20missions%20principales%20que%20nous%20nous%20fixons%20pendant%20la%20phase%20de%20construction%20consistent%20%C3%A0%20%3A%0A-%20Faciliter%20et%20fluidifier%20l%E2%80%99instruction%20des%20dossiers%20compl%C3%A9ments%20alimentaires%20afin%20d%E2%80%99accorder%20davantage%20de%20temps%20%C3%A0%20la%20veille%20et%20actualisation%20r%C3%A9glementaire%C2%A0%28les%201600%20dossiers%20re%C3%A7us%20chaque%20mois%29%20%3B%C2%A0%0A-%20Autonomiser%20et%20responsabiliser%20les%20professionnels%20du%20secteur%20en%20leur%20fournissant%20les%20ressources%20et%20outils%20n%C3%A9cessaires%20%C3%A0%20une%20production%20saine%20et%20l%C3%A9gale%C2%A0%28transparence%20et%20accessibilit%C3%A9%20des%20donn%C3%A9es%20et%20informations%29%20%3B%C2%A0%0A-%20Informer%20les%20consommateurs%2C%20les%20rendre%20acteurs%20de%20leur%20consommation.%0A%0ALes%20chantiers%20en%20cours%20%3A%0A%0A-%20Constitution%20d%27une%20nouvelle%20base%20de%20donn%C3%A9es%20avec%20les%20ingr%C3%A9dients%20pouvant%20%C3%AAtre%20incorpor%C3%A9s%20dans%20les%20compl%C3%A9ments%20alimentaires%20ainsi%20que%20leurs%20sp%C3%A9cifications%20%28dose%20max%2C%20message%20d%E2%80%99avertissement%20%C3%A0%20apposer%2C%20etc.%29%20accessible%20aux%20professionnels%20qui%20leur%20permettra%20en%20amont%20de%20leur%28s%29%20d%C3%A9claration%28s%29%20de%20v%C3%A9rifier%20le%20respect%20des%20exigences%20applicables.%20Cette%20transparence%20vis-%C3%A0-vis%20des%20professionnels%20s%E2%80%99accompagnera%20de%20la%20diffusion%20r%C3%A9guli%C3%A8re%20d%E2%80%99une%20info-lettre%20avec%20les%20derni%C3%A8res%20mises%20%C3%A0%20jour%20%3B%C2%A0%0A%0A-%20La%20construction%20d%E2%80%99un%20moteur%20de%20recherche%20dans%20cette%20base%20de%20donn%C3%A9e%20qui%20permettra%20de%20conna%C3%AEtre%20le%20statut%20des%20ingr%C3%A9dients%20et%20substances%2C%20leurs%20sp%C3%A9cificit%C3%A9s%20r%C3%A9glementaires...%20%0A%0AA%20termes%2C%20i.e.%20d%27ici%20la%20rentr%C3%A9e%20de%20septembre%202024%2C%20il%20s%27agira%20de%20devenir%20le%20nouvel%20outil%20de%20d%C3%A9claration%20des%20compl%C3%A9ments%20alimentaires%2C%20avec%20un%20parcours%20fluidifi%C3%A9%20et%20automatis%C3%A9.%20%0A%0A%28%C3%A0%20venir%20plus%20tard%20dans%20les%20phases%20de%20d%C3%A9veloppement%29%0A-%20la%20constitution%20d%27un%20catalogue%20en%20open%20data%20des%20compl%C3%A9ments%20alimentaires%20d%C3%A9clar%C3%A9s%0A-%20la%20possibilit%C3%A9%20pour%20un%20consommateur%20de%20%27signaler%27%20et%20demander%20le%20statut%20%28autoris%C3%A9%2Finterdit%2Finconnu%29%20d%27un%20produit%20disponible%20%C3%A0%20la%20vente%20mais%20non%20pr%C3%A9sent%20dans%20le%20catalogue%20%28donc%20non%20d%C3%A9clar%C3%A9%29%0A%0A%21%5BSlide%2016_9%20-%208%20-%20compl%27alim%20%282%29%5D%28https%3A%2F%2Fgithub.com%2Fbetagouv%2Fbeta.gouv.fr%2Fassets%2F36134318%2F3df4d4c5-e778-44cc-a709-9631b89dcd75%29%0A%0A%21%5BSlide%2016_9%20-%201%5D%28https%3A%2F%2Fgithub.com%2Fbetagouv%2Fbeta.gouv.fr%2Fassets%2F36134318%2Facbb64e9-0bf1-42f5-be25-926ccb8ddd88%29%0A%0A%0A%23%23%20L%27%C3%A9quipe%20de%20la%20startup%20%3A%0A%0AEn%20octobre%202023%2C%20apr%C3%A8s%20validation%20de%20la%20phase%20d%27investigation%2C%20les%20intrapreneuses%2C%20Caroline%20et%20Emmanuelle%2C%20ainsi%20que%20la%20coach%2C%20Jenn%2C%20ont%20%C3%A9t%C3%A9%20rejoins%20par%20%3A%20%0A%0AAlejandro%20Guill%C3%A8n%2C%20lead%20dev%20fullstack%0APerrine%20Letellier%2C%20dev%20fullstack%2Fdata%20scientist%0ADavid%20Dahan%2C%20dev%20fullstack%0AArthur%20Klein%2C%20designer%20de%20services%0A%0A%0A%23%23%20En%20savoir%20plus%20%3A%20%0A%0ANotre%20code%20est%20en%20open%20source%20ici%20%3A%20https%3A%2F%2Fgithub.com%2Fbetagouv%2Fcomplements-alimentaires%0A%0A%0ANous%20contacter%20%3A%20emmanuelle.miralles%40agriculture.gouv.fr%2C%20caroline.viste-martin%40agriculture.gouv.fr%20et%20jennifer.stephan%40beta.gouv.fr%0A

Compl'Alim

investigation

construction

Diagnostics

Metrics

http

https

socks

pvuniwien

abyss

An MX record was detected. MX records direct emails to a mail exchange server.

MX Record Detection

A CAA record was discovered. A CAA record is used to specify which certificate authorities (CAs) are allowed to issue certificates for a domain.

CAA Record

An NS record was detected. An NS record delegates a subdomain to a set of name servers.

NS Record Detection

SPF Record - Detection

A DNS TXT record was detected. The TXT record lets a domain admin leave notes on a DNS server.

DNS TXT Record Detected

Allowed Options Method

This template searches for missing HTTP security headers. The impact of these missing headers can vary.


HTTP Missing Security Headers

robots.txt endpoint prober

robots.txt file

WAF Detection

Extract the issuer's organization from the target's certificate. Issuers are entities which sign and distribute certificates.


Detect SSL Certificate Issuer

Extract the Subject Alternative Name (SAN) from the target's certificate. SAN facilitates the usage of additional hostnames with the same certificate.


SSL DNS Names

TLS version detection is a security process used to determine the version of the Transport Layer Security (TLS) protocol used by a computer or server.
It is important to detect the TLS version in order to ensure secure communication between two computers or servers.


TLS Version - Detect

_pk_ses.95.60ae

_pk_id.95.60ae

X-Clever-Cloud-Sticky-Id

csrftoken

Tailwind is a utility-first CSS framework.

Tailwind CSS

Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.

Vue.js

Matomo Analytics is a free and open-source web analytics application, that runs on a PHP/MySQL web-server.

Matomo Analytics

core-js is a modular standard library for JavaScript, with polyfills for cutting-edge ECMAScript features.

core-js

OVHcloud is a global, cloud provider delivering hosted private cloud, public cloud, and dedicated server solutions.

severity	service	vulnerability
info	http (port:80)
info	bgp (port:179)
info	https (port:443)
info	socks (port:1080)
info	pvuniwien (port:1081)
info	abyss (port:9999)

Impact	Description	Documentation
-25	Content Security Policy (CSP) header not implemented	Implement one, see MDN's Content Security Policy (CSP) documentation.
-20	Cookies set without using the `Secure` flag or set over HTTP.	Documentation for cookies-secure-with-httponly-sessions
-20	`Strict-Transport-Security` header not implemented.	Add HSTS. Consider rolling out with shorter periods first (as suggested on https://hstspreload.org/).

risk	name
Medium (High)	Content Security Policy (CSP) Header Not Set
Low (High)	Strict-Transport-Security Header Not Set
Low (Medium)	Cookie No HttpOnly Flag
Low (Medium)	Cookie Without Secure Flag
Low (Medium)	Cookie without SameSite Attribute
Low (Medium)	Insufficient Site Isolation Against Spectre Vulnerability
Low (Medium)	Permissions Policy Header Not Set
Low (Medium)	X-Content-Type-Options Header Missing
Informational (High)	Sec-Fetch-Dest Header is Missing
Informational (High)	Sec-Fetch-Mode Header is Missing
Informational (High)	Sec-Fetch-Site Header is Missing
Informational (High)	Sec-Fetch-User Header is Missing
Informational (Medium)	Base64 Disclosure
Informational (Medium)	Modern Web Application
Informational (Medium)	Session Management Response Identified
Informational (Medium)	Storable and Cacheable Content
Informational (Low)	Information Disclosure - Suspicious Comments
Informational (Low)	Re-examine Cache-control Directives

https://compl-alim.beta.gouv.fr

Nmap

Mozilla HTTP observatory

SSL

Grade capped to A. HSTS is not offered

Expiration : 06/08/2025

Scan OWASPenviron 1 heure

Nuclei21 jours

Séverité	Name	Matcher
info	MX Record Detection	mx-fingerprint
info	CAA Record	caa-fingerprint
info	NS Record Detection	nameserver-fingerprint
info	SPF Record - Detection	spf-record-detect
info	DNS TXT Record Detected	txt-fingerprint
info	Allowed Options Method	options-method
info	HTTP Missing Security Headers	strict-transport-security
info	HTTP Missing Security Headers	content-security-policy
info	HTTP Missing Security Headers	permissions-policy
info	HTTP Missing Security Headers	x-permitted-cross-domain-policies
info	HTTP Missing Security Headers	clear-site-data
info	HTTP Missing Security Headers	cross-origin-embedder-policy
info	HTTP Missing Security Headers	cross-origin-resource-policy
info	robots.txt endpoint prober	robots-txt-endpoint
info	robots.txt file	robots-txt
info	WAF Detection	apachegeneric
info	Detect SSL Certificate Issuer	ssl-issuer
info	SSL DNS Names	ssl-dns-names
info	TLS Version - Detect	tls-version
info	TLS Version - Detect	tls-version