Cyber Resilience Act compliance SaaS

CertCore

EU CRA makes every shipped dependency part of your compliance file. Run product scope, SBOM, CVE triage, Article 14 reporting, and EU Declaration of Conformity drafts in one focused workflow.

Run scope check
Regulation (EU) 2024/2847
Reporting readiness: 11 Sep 2026
Main obligations: 11 Dec 2027

30-minute readiness pass

Likely in scope
Default product with digital elements
Generate SBOM, map CVEs, and keep the declaration file tied to release version.

Product compliance scope

Know whether the CRA hits this release before it hits the roadmap.

The first mistake is treating CRA as a legal memo. CertCore starts with product facts: what you ship, where it is sold, how it updates, and whether it matches a risk category.

Scope classifier: Product with digital elements, EU market placement, open-source status, and category signal.
Risk routing: Default, important, or critical workflow hints with evidence requirements.
Version trigger: Release updates reopen SBOM, CVE, declaration, and calendar checks automatically.

SBOM + CVE panel

Paste dependencies. Get a usable SBOM preview and a ranked vulnerability queue.

Use this sample to see the workflow shape. In production, CertCore accepts repository scans and uploaded dependency manifests, then exports SPDX or CycloneDX.


          
CVE queue: Sorted by severity

Article 14 workflow

Do not improvise a vulnerability report with the clock running.

CertCore keeps incident timing, impact, mitigation, and follow-up state visible so the 24-hour and 72-hour steps do not live in chat threads.

0-24h: Early warning

Open issue, affected product, exploitability signal, mitigation owner, and first notification draft.

72h: Vulnerability notification

Structured Article 14 template with component, CVE, impact, status, and customer-facing action.

After fix: Final evidence

Patch version, SBOM refresh, release note, declaration impact check, and audit log closure.

EU Declaration of Conformity

Draft the declaration from product facts, not a blank document.

Enter a product name and category to preview the declaration fields your team should keep current.


    

Continuous calendar

Release work, ENISA reporting readiness, and audit evidence in one calendar.

Days to reporting readiness date

Prepare vulnerability intake, triage owners, and notification templates before 11 Sep 2026.

Days to main obligations date

Keep product evidence clean before 11 Dec 2027, not after a launch freeze.

Every release: Reassess automatically

SBOM, CVE, risk category, declaration draft, and audit log refresh when a version changes.

Pricing

Choose the CRA workflow before the deadline chooses your roadmap.

Annual billing is selected by default and is 50% cheaper than monthly. Studio is recommended for teams managing several products or needing SBOM API access.

Starter

1 product

Scope check, one SBOM, weekly CVE refresh, declaration draft, basic calendar.

Publisher

Unlimited + white label

Unlimited products, white-label exports, enterprise support, reviewer seats, portfolio reporting.

Useful CRA pages

Research pages that answer the question before asking for the click.

Each page maps a common Cyber Resilience Act search to a practical product-team workflow.