CRA Ledger home
Join early access
Back to resources

Release readiness7 min readUpdated May 22, 2026

Release readiness evidence checklist

Chronological release checklists to prepare structured security evidence before release reviews.

For product security and compliance leads

Release readiness process

A clear release validation process gathers SBOMs, vulnerability rationales, and audit logs. Verify that all security actions are documented before publishing a release.

Readiness checklist

Items to verify before releasing a new product version:

Product-version records created.

CycloneDX/SPDX inventory uploaded.

Triage queue verified clean.

Open findings mapped to SLA timelines.

Exportable readiness summaries prepared.

Product alignment

How CRA Ledger maps this into a workflow

Product-version record

Released versions are anchored with metadata.

SBOM retained

Original formats are retained with source-artifact context.

Vulnerability review tracked

CVE triage decisions document ownership.

Remediation status connected

Fix updates and SLA tracking stay visible.

Decisions & timestamps preserved

Provenance is recorded for every decision.

Readiness evidence summarized

Evidence summaries keep output context reviewable.

See the product workflow

Notice

Operational guidance only. Confirm product scope and CRA duties with official sources and advisers.

CRA Ledger supports readiness workflows and evidence organization. It does not guarantee compliance or replace legal advice.

Related resources

Continue through the evidence workflow

Release readiness overviewCRA compliance guidelinesBrowse all resources