Semantic SBOM/CBOM diff, quality scoring, and TUI analysis tool for CycloneDX/SPDX — covering component changes, dependency shifts, license conflicts, vulnerabilities, cryptographic inventory grading, and PQC compliance (CNSA 2.0, NIST IR 8547).

Curated resources for the EU Cyber Resilience Act (Regulation 2024/2847): regulation, harmonised standards, EUCC, SBOM, vulnerability management, conformity assessment

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Cyberismo module for EU Cyber Resilience Act

C5-DEC: Common Criteria for Cybersecurity, Cryptography, Clouds – Design, Evaluation and Certification. AI-enabled toolkit for secure system design, development and evaluation via Common Criteria, SSDLC, SpecEngine/DocEngine, CRA, SBOM, threat modelling + risk assessment, and cryptography (incl. post-quantum), CLI/TUI/GUI

Resources related to EU's Cyber Resilience Act

Verifiable audit substrate for AI agents — EU AI Act Article 12 ready. Apache 2.0.

The EU CRA as an ebook.

Curated list of OSS and commercial tools for EU CRA, EHDS, AI Act, NIS2, DORA, MDR, GDPR compliance evidence

Open-source package firewall for npm & PyPI. Drop-in proxy that blocks malicious packages using a local OSV mirror — zero outbound calls on the hot path, full audit log, policy-driven. A free, self-hosted alternative for small and mid-sized teams.

An open post-quantum cryptography migration scanner for the European digital commons

CRA-compliant ESP32 IoT sensor node — EU Cyber Resilience Act portfolio project

Open-source CLI for preparing EU Cyber Resilience Act (Regulation 2024/2847) Article 14 notifications for the ENISA Single Reporting Platform.

EU CRA (Cyber Resilience Act, Reg 2024/2847) Annex IV classifier — 9-category essential security requirements with HMAC-signed compliance attestations. By MEOK AI Labs.

Multi-ecosystem SBOM generator — scans npm, PyPI, Conan, CMake, ROS and Makefile projects and outputs SPDX 2.3 or CycloneDX 1.6 JSON, with direct Dependency-Track upload.

This repository contains some of the code samples, diagrams and materials of the book "Practical Defensive Design, Defensive Programming and Quality Assurance principles"

Open Finnish training material on the EU Cyber Resilience Act (CRA), IEC 62443 industrial cybersecurity standards, and Software Bill of Materials (SBOM) for OT and IIoT systems. Practical examples, exercises, and tools (Syft, Grype) for engineers preparing for CRA compliance.

EU Cyber Resilience Act (Reg 2024/2847) compliance MCP for products with digital elements. CE marking, vulnerability disclosure, SBOM. MIT