SBOM Generation

Automated software bill of materials for CRA Annex I compliance.

CRA Annex I requires manufacturers to maintain and make available a Software Bill of Materials (SBOM) listing all components of their product. CRAReady generates CycloneDX 1.6+ SBOMs automatically from your GitHub repository or a ZIP upload — no manual component cataloguing required.

Generate Your First SBOM

Everything you need

GitHub App integration — connect a repository, trigger a scan, get a CycloneDX SBOM
ZIP upload support for codebases without GitHub integration
Syft-powered scanning: detects 200+ package ecosystems
Direct/transitive dependency classification per component
Scheduled scans (weekly, monthly, quarterly) with diff history
Export CycloneDX JSON for submission or audit

How it works

1

Connect or upload

Link your GitHub repository via OAuth App or upload a source ZIP archive up to 500MB.

2

Scan runs automatically

Syft analyses your codebase and generates a CycloneDX 1.6+ SBOM listing all detected components.

3

Track changes over time

Diff view shows components added, removed, or updated since your last scan.

Ready to get started?

Join manufacturers already using CRAReady to manage their CRA compliance obligations.

Generate Your First SBOM