ABOUT CRA LEDGER

Independent product-security evidence workflows for CRA readiness.

CRA Ledger helps software teams keep SBOMs, vulnerability reviews, remediation context, audit activity, and readiness evidence connected to the product versions they belong to.

Why it exists

Product-security evidence should not disappear into tools and threads.

CRA readiness is not just a documentation exercise. Software teams already generate security evidence through SBOM intake, vulnerability review, remediation work, release discussions, audit activity, and customer assurance requests. The problem is that this evidence often becomes scattered across scanner exports, ticket trackers, spreadsheets, approvals, and notes.

CRA Ledger is designed to make that operational work reviewable by keeping product-version records, evidence artifacts, decisions, remediation context, and activity history connected in one workflow.

Practical engineering focus

Built independently, near Munich, with a workflow-first mindset.

CRA Ledger is an independent product built near Munich, Germany, with a practical engineering focus on product-security evidence workflows for Cyber Resilience Act readiness.

The product favors utility over theater: clear intake, reviewable decisions, retained evidence history, and operational status that product-security, compliance, and engineering teams can use during readiness planning.

Clear scope

Clear scope, no overclaiming

CRA Ledger is positioned as operational software for evidence workflows. It supports readiness preparation, but it does not make legal determinations, provide certification, or claim formal audit status.

Operational evidence, not legal advice

CRA Ledger helps organize readiness evidence and workflow history. It does not provide legal advice or determine legal obligations.

Readiness support, not certification

The product does not provide CRA certification, notified body approval, or a guarantee of compliance.

Early-stage and transparent

Capabilities are presented honestly as available, partial, or planned so buyers can separate current product behavior from roadmap direction.

Next step

Contact

For product questions or early access, use the contact page. For security questions or responsible disclosure coordination, use the security contact page.