CRA Evidence is a platform designed to support manufacturers, importers, and distributors in meeting the requirements of the EU Cyber Resilience Act (CRA) ahead of the December 2027 enforcement deadline. It addresses the challenge of demonstrating and maintaining verifiable proof of conformity for products placed on the European market, offering tools to manage compliance evidence and technical documentation throughout the product lifecycle.
The platform provides a range of features centered around compliance management, including the generation and validation of Software Bill of Materials (SBOM) and Hardware Bill of Materials (HBOM) in CycloneDX and SPDX formats. dev, and CISA KEV, and utilizes EPSS scoring to help prioritize remediation efforts. CRA Evidence enables the creation of technical files required for CE marking, manages risk assessments, and generates EU Declarations of Conformity. It also supports automated generation and authoring of VEX (Vulnerability Exploitability eXchange) statements, and includes tools for ENISA incident reporting and tracking compliance deadlines.
Designed for integration into development workflows, CRA Evidence features an API-first architecture, supporting automated artifact uploads from CI/CD pipelines and compatibility with platforms like GitHub Actions and GitLab CI. It offers REST API and webhook notifications, allowing connections with tools such as Jira, Slack, and GitHub. The platform provides tailored dashboards and workflows for different roles, including manufacturers, importers, and distributors, ensuring that each user type can access the compliance processes relevant to their responsibilities. Product versioning and traceability are supported, with the ability to link artifacts, documents, and vulnerabilities to specific product releases.
Additional capabilities include the generation of Digital Product Passports with QR codes for physical labeling, export options in JSON-LD and PDF formats, and multi-language support covering all 24 official EU languages. CRA Evidence also facilitates conformity assessment against the CRA’s essential cybersecurity requirements and offers audit-ready export packages for regulatory and market surveillance needs. The platform is accessible via web application and is designed to help organizations prepare for and maintain ongoing CRA compliance.
craevidence is a CI/CD & build automation product. It focuses on automating the integration of CRA Evidence into CI/CD workflows for improved cybersecurity compliance. craevidence is an open-source project aimed at devops engineers. The project is open source (MIT). The product ships for the web and the command line.
It is developed by craevidence, and the product first shipped in 2026. Across PulseGate's embedding index, craevidence has few near neighbours, marking it as relatively distinct. Among its 5 catalogued features are CI/CD integration, SBOM support, and cybersecurity compliance.
Latest indexed changes and source events
Other apps tracked under the same category.