Ressourcen

Leitfäden für SBOM Evidence und CRA-Readiness.

Lesen Sie praxisnahe Ressourcen zu Product-Version Evidence, Vulnerability Review und Release-Readiness. Einzelne Artikel bleiben derzeit in englischer Sprache.

Startpunkt

Drei Guides zum Verständnis des Evidence Workflows.

Folgen Sie dem Pfad vom CRA-Readiness Kontext über SBOM Evidence bis zur Vulnerability Review History. Die einzelnen Guides bleiben aktuell auf Englisch.

01

CRA readiness

What the Cyber Resilience Act means for software product teams

Understand CRA readiness, product-version evidence, SBOMs, vulnerability handling, remediation history, and the 2026/2027 readiness timeline.

For product security, compliance, and engineering teams· 10 min readEnglisch
Guide lesen

02

SBOM evidence

How SBOMs support CRA readiness

Learn how CycloneDX and SPDX records become useful evidence when they are validated, linked to product versions, retained, and connected to vulnerability review.

For engineering and product security teams· 8 min readEnglisch
Guide lesen

03

Vulnerability review

Why vulnerability review needs evidence history

See how CVE triage, ownership, SLA pressure, review decisions, and remediation updates become retained product-security evidence.

For product security and compliance teams· 9 min readEnglisch
Guide lesen

Workflow Mapping

Vom Guide zum Workflow

Jeder Guide mappt auf einen Teil des CRA Ledger Evidence Workflows.

CRA-Readiness

Product-Version Evidence und Readiness-Zeitlinien verstehen.

Product MappingProduct-Version Records

SBOM Evidence

Lernen, wie CycloneDX/SPDX Records retained Evidence unterstützen.

Product MappingSBOM Intake und Component Records

Vulnerability Review

CVE-Triage, Ownership und Remediation-Entscheidungen verbinden.

Product MappingFinding Review und Evidence History

Readiness Output

Strukturierte Evidence Summaries für interne und Kunden-Reviews vorbereiten.

Product MappingReadiness Reporting

Resource Library

Weiter mit praktischen Guides und Workflows.

Der erste Pfad deckt Evidence-Grundlagen ab. Diese Ressourcen gehen tiefer in retained Records, Herstellerkoordination, Formate und operative Workflows. Die einzelnen Artikel bleiben aktuell auf Englisch.

Product security evidence

Product security evidence checklist

A practical checklist for artifacts, decisions, activity history, and product-version records.

For release and compliance reviews· 6 min readEnglisch
Guide lesen

CRA readiness

How manufacturers can prepare product-security records for CRA

How product-version records, SBOM retention, and vulnerability handling support readiness workflows.

For manufacturers and compliance leads· 7 min readEnglisch
Guide lesen

SBOM evidence

CycloneDX vs SPDX for CRA readiness workflows

How supported SBOM formats can feed intake, normalization, vulnerability review, and retained evidence.

For SBOM and platform owners· 6 min readEnglisch
Guide lesen

Vulnerability review

Vulnerability remediation evidence checklist

A structured process guide for tracking vulnerability remediation, SLA targets, and retained evidence.

For engineering and product security teams· 6 min readEnglisch
Guide lesen

Release readiness

Release readiness evidence checklist

Chronological release checklists to prepare structured security evidence before release reviews.

For product security and compliance leads· 7 min readEnglisch
Guide lesen

SBOM evidence

SBOM management for product teams

How product leads and engineering leads can organize software component ingestion and retention.

For product managers and engineering leads· 6 min readEnglisch
Guide lesen

Topics covered

CRA ReadinessSBOM EvidenceVulnerability ReviewProduct Security EvidenceRelease ReadinessGuides & Checklists

Next step

Machen Sie CRA-Readiness Guidance zu einem Evidence Workflow.

Buchen Sie eine fokussierte Produktdemo des SBOM-to-Evidence Workflows.