FR/EN SEO pages
CRA SBOM and vulnerability handling checklist
Operational plan to generate an SBOM, monitor CVEs, handle vulnerabilities and document decisions.
24hearly warning for exploited vulnerability or severe incident
72hfull notification after becoming aware
14dfinal report after a fix for exploited vulnerability
2027-12-11general application of CRA requirements
CRA product diagnostic
- Trace components - Build an SBOM per version and connect dependencies, third-party components, licences, owners and support status.
- CVE source of truth - Monitor NVD, supplier advisories, GitHub Security Advisories, OSV and critical component bulletins.
- Industrialisation - Stabilise SBOM, security updates, technical file, security tests, EU declaration and importer workflows.
Templates ready to adapt
Product: [name/version]. Type: [exploited vulnerability/severe incident]. Awareness time: [UTC]. Known affected Member States: [list]. Suspected malicious act: [yes/no/unknown]. Immediate measures: [containment]. Crisis contact: [name/email/phone].