EU Cyber Resilience Act (CRA) Compliance Report

{{ product_name }} v{{ product_version }}
Manufacturer:
{{ manufacturer }}
Report Date:
{{ timestamp }}
Product ID:
{{ product_id }}
SBOM Source:
{{ sbom_file }} ({{ format_detected }})

1 SBOM Summary

{{ stats.total_components }}
Components
{{ stats.critical }}
Critical
{{ stats.high }}
High
{{ stats.medium }}
Medium
{{ stats.low }}
Low
{{ stats.license_issues }}
License Issues
{% if license_breakdown | length > 0 %}
License Breakdown:
    {% for lic in license_breakdown %}
  • {{ lic.name }}: {{ lic.count }} component{{ lic.count | pluralize }}
  • {% endfor %}
{% endif %}

2 Vulnerability Disclosure

{% if vulnerabilities | length > 0 %} {% for vuln in vulnerabilities %} {% endfor %}
CVE ID Severity CVSS Component Description Remediation
{{ vuln.cve_id }} {{ vuln.severity }} {% if vuln.cvss_score %}{{ vuln.cvss_score }}{% else %}-{% endif %} {{ vuln.component_name }} @ {{ vuln.component_version }} {{ vuln.description_truncated }} {% if vuln.fixed_version %}Upgrade to {{ vuln.fixed_version }}{% else %}No fix available{% endif %}
{% else %}
No known vulnerabilities found in scanned components.
{% endif %}

3 Security Update Information

Support Period: {{ support_period }}
Update Mechanism: {{ update_mechanism }}

CRA Annex I, Part II, Sec. 8-9: Manufacturers must provide mechanisms for secure distribution of security updates, disseminated free of charge without delay.

4 Conformity Assessment — CRA Essential Requirements

{% for item in checklist %} {% endfor %}
# Requirement CRA Reference Status Evidence / Notes
{{ loop.index }} {{ item.requirement }} {{ item.cra_reference }} {% if item.status == "Pass" %} PASS {% elif item.status == "Fail" %} FAIL {% else %} N/A {% endif %} {{ item.evidence }}

5 Component Inventory ({{ components | length }})

{% if components | length > 0 %} {% for comp in components %} {% endfor %}
# Name Version Supplier License
{{ loop.index }} {{ comp.name }} {{ comp.version }} {% if comp.supplier %}{{ comp.supplier }}{% else %}Unknown{% endif %} {% if comp.licenses | length > 0 %}{{ comp.licenses | join(sep=", ") }}{% else %}None{% endif %}
{% else %}
No components found.
{% endif %}

6 Technical Documentation Reference

Full SBOM Location: {{ sbom_file }}
SBOM Format: {{ format_detected }}
Scan Tool: ShieldBOM v{{ version }}
Scan Timestamp: {{ timestamp }}

CRA Annex VII requires technical documentation to include the SBOM (Sec. 2), evidence of conformity with essential requirements (Sec. 3), and vulnerability handling documentation (Sec. 4).