This document is under active development and has not been finalised.

CRA ComplianceCyber Resilience Act

Complete compliance documentation for Regulation (EU) 2024/2847 & NIS2

SBOM & Signing

Software Bill of Materials – generation, archival, and Cosign-based signing per release using CycloneDX JSON

Automated CVE monitoring, dependency scanning, patch management, and risk assessment

Incident response playbook, ENISA reporting processes (24h/72h/14d), and Coordinated Vulnerability Disclosure

Dependency policies, Docker base image monitoring, and third-party component assessment

Product description, security architecture, update mechanisms per Annex VII CRA

Internal control (Module A), product classification, and EU Declaration of Conformity

Complete mapping of all CRA articles to documentation and tooling