sbom-cra-checker

Community

Audit SBOMs for EU CRA compliance and reporting.

Authorrobotijn
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill eliminates the risk of costly non-compliance with the EU Cyber Resilience Act (CRA) caused by invalid, unsigned, or poorly retained SBOMs, which can trigger fines of up to €15 million or 2.5% of global annual turnover for manufacturers of products with digital elements sold in the EU market.

Core Features & Use Cases

  • Regulatory Compliance Validation: Checks SBOMs against NTIA minimum elements, CRA requirements, and ENISA Single Reporting Platform (SRP) wiring rules.
  • Pipeline and Process Auditing: Verifies SBOM signing, build provenance, 10-year retention policies, and end-to-end vulnerability reporting runbooks.
  • Use Case: A SaaS company preparing for the 2026 CRA reporting deadline can use this skill to audit their release pipeline, confirm every shipped artifact has a compliant signed SBOM, and validate their 24-hour CRA notification runbook before market surveillance audits.

Quick Start

Use the sbom-cra-checker skill to audit your project's SBOMs and CRA vulnerability reporting processes for EU regulatory compliance.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: sbom-cra-checker
Download link: https://github.com/robotijn/ctoc/archive/main.zip#sbom-cra-checker

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.