Unified assessments, real-time vulnerability intelligence, automated evidence, and risk remediation, powered by an adaptive compliance engine.
New to the platform? View our getting started guide
The EU Cyber Resilience Act (CRA) is a new law that requires manufacturers of digital products to meet cybersecurity standards throughout their product's lifecycle. If you develop software, hardware, or connected devices sold in the EU, the CRA applies to you.
The law focuses on three main areas: secure design (building products with security in mind), vulnerability management (finding and fixing security issues quickly), and transparency (documenting what's in your product and how you handle risks).
Meeting these requirements means tracking components, managing vulnerabilities, collecting evidence, and proving you've done your due diligence, all while keeping your team productive. Read our complete CRA compliance guide →
Guided assessments: Walk through CRA requirements step by step, with clear questions and evidence tracking built in.
SBOM intelligence: Upload software bills of materials to automatically identify vulnerabilities in your components.
Remediation tracking: Prioritize fixes, assign tasks, and track progress so nothing falls through the cracks.
Document of Conformity: Generate official compliance documents from your evidence, ready for authorities.
Ready to get started? Check out our step-by-step onboarding guide to learn how to set up your first assessment.
Key dates for the Cyber Resilience Act
The Cyber Resilience Act was officially published in the EU Official Journal.
The CRA entered into force 20 days after publication.
Manufacturers must start reporting actively exploited vulnerabilities and severe incidents.
All CRA requirements become mandatory for products with digital elements placed on the EU market.
Take our quick 2-minute assessment to find out if the EU Cyber Resilience Act applies to your product. Answer 5 simple questions to get instant guidance.
This includes paid or free software, downloads, subscriptions, or online access. You do not need a legal entity in the EU.
Everything you need to operationalize CRA readiness: guided assessments, evidence automation, vulnerability intelligence, and prioritized remediation, built for real teams.
Standardized CRA assessment workflow with a unified question set.
Streamlined evidence collection with inline uploads, SBOM auto-fill, and retention controls to reduce audit prep.
Linked SBOM & scan findings with normalized CVSS severities per asset for prioritized remediation.
Prioritized remediation plans with due dates, assignments, and deadline reminders, track progress over time.
Generate a CRA Document of Conformity from validated controls & evidence, ready for digital submission to authorities.
Actionable readiness snapshot: compliance score, vulnerability & remediation metrics, asset inventory trends.
We focus on outcomes, not checklists. The platform unifies CRA assessments, evidence, SBOM intelligence, and remediation so you can prove due diligence, and reduce real risk, without extra busywork. Learn more about CRA requirements.
Guided CRA workflows map requirements to controls, evidence, and owners. See exactly what moves your readiness score.
Ingest SBOMs, normalize vulnerabilities, and link them to affected assets for prioritized remediation.
Inline uploads, hash tracking, and retention controls create a defensible audit trail with minimal effort.
Strict tenant isolation and role‑based access ensure data is visible only to the right people.
Assignments, due dates, notifications, and dashboards keep everyone aligned from discovery to closure.
Track remediation velocity, exposure trends, and readiness improvements, connect work to outcomes.
Start free, scale when you need more assessments, assets, and remediation capacity. No hidden fees.
Evaluate the workflow with a single product scope.
Expanded capacity for small teams validating CRA readiness.
Additional Seats
Each additional seat (€15/month) provides the same capacity as the base Pro plan: 5 assessments, 5 assets, and 5 remediation plans.
For example, with 2 additional seats you get: 10 assessments, 10 assets, and 10 remediation plans.
💡 Cost-effective up to 8 seats
Pro with 8 additional seats costs €144.95/month. With 9+ seats, Enterprise (€149/month) offers unlimited capacity at a better value.
Scalable collaboration and unlimited operational scope.
All prices in EUR. Taxes may apply. Usage limits are enforced; exceeding a limit prompts an upgrade or scope reduction. Enterprise includes priority support & extended retention policies.
Questions about CRA readiness, enterprise plans, or product capabilities? Send us a note, confirm before it reaches our team.
Common questions about the EU Cyber Resilience Act and how our platform supports compliance.
The EU Cyber Resilience Act (CRA) is a regulation that requires manufacturers of digital products sold in the EU to meet mandatory cybersecurity standards throughout the product lifecycle, including secure design, vulnerability management, and transparency through SBOMs. Learn more about CRA compliance.
Our platform provides guided CRA assessments with pre-built questionnaires, automated evidence collection, SBOM-driven vulnerability intelligence, and remediation tracking, all in one place to streamline compliance and reduce manual effort.
A Software Bill of Materials (SBOM) is a complete inventory of components in your software. The CRA requires SBOMs to enable vulnerability tracking and supply chain transparency. Our platform imports SBOMs and automatically links known vulnerabilities.
No, we help you prepare for CRA compliance by organizing assessments, evidence, and remediation. For Class I and Class II products requiring third-party conformity assessment, you will still need to engage a notified body, but our platform streamlines the preparation.
Yes, the platform generates a Document of Conformity directly from your validated assessment data and evidence. This export is designed to meet regulatory requirements and can be shared with auditors or authorities.
Users can connect code repositories and manually import SBOMs to assessments, with support for popular formats and full provenance display.
Generate shareable, audit‑ready outputs directly from your data. Initial reports will include:
SBOMs are automatically imported when code changes or builds run, using webhooks and CI integrations. Import history and notifications are included.
Adds support for signed SBOMs, advanced role-based access, secure data storage, audit logs, integration with major DevOps platforms, and SBOM change visualization.