Open-source CRA Readiness Scanner CLI for assessing EU Cyber Resilience Act readiness from SBOMs and project signals.

Project description

CRA Readiness Scanner (MVP)

The CRA Readiness Scanner is an open-source CLI tool that helps engineering teams quickly assess their readiness for the EU Cyber Resilience Act (CRA) from a single SBOM or project directory.

It focuses on three things:

  • SBOM presence and basic quality
  • Basic vulnerability exposure (stubbed for MVP)
  • Signals of good vulnerability-handling practices

Installation

Once published to PyPI:

pip install cra-scanner

For local development from this repository:

cd cli
pip install -e .
cra-scanner --help

Quick start

Scan a project directory (auto-discover SBOMs and signals):

cra-scanner scan .

Scan using an explicit SBOM and emit JSON to a file:

cra-scanner scan . --sbom path/to/bom.json --format json --output report.json

What the CRA Readiness Score means

The scanner returns a score from 0–100 based on:

  • SBOM (40 pts) – existence, coverage, presence of versions.
  • Vulnerabilities (30 pts) – placeholder in MVP.
  • Practices (30 pts) – presence of SECURITY.md, Dependabot, and basic documentation signals.

The score is a directional indicator, not legal advice. It is intended to highlight gaps and next steps, not certify compliance.
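
The weighting described above, sketched as an added example; it is not the scanner's own code. The 40/30/30 category maxima come from the README, while the split of points inside each category, the README.md documentation signal and the CycloneDX-style sample SBOM are assumptions constructed here.

```python
import json
import tempfile
from pathlib import Path

# Category maxima are from the README; the split inside each category is assumed.
SBOM_MAX, VULN_MAX, PRACTICES_MAX = 40, 30, 30
PRACTICE_FILES = ("SECURITY.md", ".github/dependabot.yml", "README.md")  # assumed signals


def sbom_points(sbom_path):
    """Assumed split: 10 parseable SBOM, 10 non-empty component list, 20 version coverage."""
    try:
        bom = json.loads(Path(sbom_path).read_text(encoding="utf-8"))
    except (TypeError, OSError, ValueError):
        return 0  # missing, unreadable or malformed SBOM earns nothing
    comps = bom.get("components") if isinstance(bom, dict) else None
    if not isinstance(comps, list) or not comps:
        return 10  # the file parses but describes no dependencies
    versioned = sum(1 for c in comps
                    if isinstance(c, dict) and str(c.get("version") or "").strip())
    return 20 + round((SBOM_MAX - 20) * versioned / len(comps))


def readiness_score(project_dir, sbom_path=None, vuln_points=0):
    """vuln_points comes from the caller: the README marks that category a placeholder."""
    found = sum((Path(project_dir) / name).is_file() for name in PRACTICE_FILES)
    parts = {
        "sbom": sbom_points(sbom_path),
        "vulnerabilities": max(0, min(VULN_MAX, vuln_points)),
        "practices": round(PRACTICES_MAX * found / len(PRACTICE_FILES)),
    }
    return {**parts, "total": sum(parts.values())}


def demo():
    """Score a constructed project: 3 of 4 components versioned, README.md absent."""
    pins = [("requests", "2.31.0"), ("urllib3", "2.0.7"), ("idna", "3.6"), ("vendored-lib", "")]
    bom = {"bomFormat": "CycloneDX", "components": [{"name": n, "version": v} for n, v in pins]}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".github").mkdir()
        (root / "SECURITY.md").write_text("Report issues to security@example.org\n")
        (root / ".github" / "dependabot.yml").write_text("version: 2\n")
        (root / "bom.json").write_text(json.dumps(bom))
        return readiness_score(root, root / "bom.json")


if __name__ == "__main__":
    print(demo())
```

The unversioned component is what costs SBOM points in this sketch: without a version it cannot be matched against vulnerability advisories.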

Download files

Source Distribution

cra_scanner-0.1.0.tar.gz (6.6 kB)

Uploaded Source

Built Distribution

cra_scanner-0.1.0-py3-none-any.whl (8.2 kB)

Uploaded Python 3

File details

Details for the file cra_scanner-0.1.0.tar.gz.

File metadata

  • Download URL: cra_scanner-0.1.0.tar.gz
  • Upload date:
  • Size: 6.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.14

File hashes

Hashes for cra_scanner-0.1.0.tar.gz
Algorithm Hash digest
SHA256 e37ddb634d8155acdfc297a4a4fabd0adeef487c175bcdb5e2b8433b54f51b08
MD5 09c54bfc23b40180a48727a331980e02
BLAKE2b-256 0ca01a5d29491e439b165ee319fb83e7e4c3ff86be073225494919cb0f8238cd

File details

Details for the file cra_scanner-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: cra_scanner-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 8.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.14

File hashes

Hashes for cra_scanner-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 e4db3dd48eb4e0fdac44cd53583ac15f1d9b32362fca7ad72e1e8d59203ec297
MD5 6540e96c4f23485b268b50c06f45ac01
BLAKE2b-256 ccd5c1b681c71e60ed7bc1b936f55fb9f72404d62c76594fdac6c32e27a4ca05
