sbom-cra-checker
CommunityAudit SBOMs for EU CRA compliance and reporting.
Legal & Compliance#supply chain security#sbom#cyber resilience act#vulnerability reporting#cra compliance#enisa srp#ntia minimum elements
Authorrobotijn
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill eliminates the risk of costly non-compliance with the EU Cyber Resilience Act (CRA) caused by invalid, unsigned, or poorly retained SBOMs, which can trigger fines of up to €15 million or 2.5% of global annual turnover for manufacturers of products with digital elements sold in the EU market.
Core Features & Use Cases
- Regulatory Compliance Validation: Checks SBOMs against NTIA minimum elements, CRA requirements, and ENISA Single Reporting Platform (SRP) wiring rules.
- Pipeline and Process Auditing: Verifies SBOM signing, build provenance, 10-year retention policies, and end-to-end vulnerability reporting runbooks.
- Use Case: A SaaS company preparing for the 2026 CRA reporting deadline can use this skill to audit their release pipeline, confirm every shipped artifact has a compliant signed SBOM, and validate their 24-hour CRA notification runbook before market surveillance audits.
Quick Start
Use the sbom-cra-checker skill to audit your project's SBOMs and CRA vulnerability reporting processes for EU regulatory compliance.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: sbom-cra-checker Download link: https://github.com/robotijn/ctoc/archive/main.zip#sbom-cra-checker Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.