| CVE ID | Severity | CVSS | Component | Description | Remediation |
|---|---|---|---|---|---|
| {{ vuln.cve_id }} | {{ vuln.severity }} | {% if vuln.cvss_score %}{{ vuln.cvss_score }}{% else %}-{% endif %} | {{ vuln.component_name }} @ {{ vuln.component_version }} | {{ vuln.description_truncated }} | {% if vuln.fixed_version %}Upgrade to {{ vuln.fixed_version }}{% else %}No fix available{% endif %} |
| Support Period: | {{ support_period }} |
| Update Mechanism: | {{ update_mechanism }} |
CRA Annex I, Part II, Sec. 8-9: Manufacturers must provide mechanisms for secure distribution of security updates, disseminated free of charge without delay.
| # | Requirement | CRA Reference | Status | Evidence / Notes |
|---|---|---|---|---|
| {{ loop.index }} | {{ item.requirement }} | {{ item.cra_reference }} | {% if item.status == "Pass" %} PASS {% elif item.status == "Fail" %} FAIL {% else %} N/A {% endif %} | {{ item.evidence }} |
| # | Name | Version | Supplier | License |
|---|---|---|---|---|
| {{ loop.index }} | {{ comp.name }} | {{ comp.version }} | {% if comp.supplier %}{{ comp.supplier }}{% else %}Unknown{% endif %} | {% if comp.licenses | length > 0 %}{{ comp.licenses | join(sep=", ") }}{% else %}None{% endif %} |
| Full SBOM Location: | {{ sbom_file }} |
| SBOM Format: | {{ format_detected }} |
| Scan Tool: | ShieldBOM v{{ version }} |
| Scan Timestamp: | {{ timestamp }} |
CRA Annex VII requires technical documentation to include the SBOM (Sec. 2), evidence of conformity with essential requirements (Sec. 3), and vulnerability handling documentation (Sec. 4).