vulkro cra-bundle
Build a CRA (EU Cyber Resilience Act) readiness bundle: one zip stapling a CycloneDX and SPDX SBOM, an OpenVEX exploitability document, and a compliance evidence pack, with a self-contained CRA-readiness one-pager index. Fully offline. Included in the 14-day trial and in Pro.
Framed as readiness evidence, not a conformance attestation.
Usage
vulkro cra-bundle [PATH] --framework soc2 -o cra-readiness.zip
| Argument | Description | Default |
|---|---|---|
PATH | Path to the project root. | . |
Flags
| Flag | Description | Default |
|---|---|---|
--framework <FRAMEWORK> | Framework for the bundled compliance evidence pack. | soc2 |
--output, -o <OUTPUT> | Output zip path. | ./cra-readiness.zip |
Framework values: soc2, iso27001, hipaa, pci-dss-4-0,
nist-800-53, soc2-full. (Salesforce-specific frameworks such as
cis-sf, hitrust, fedramp-moderate, nist-800-171, stateramp, and
sox-itgc are also accepted and are documented under the Salesforce
section.)
Exit codes
0bundle written, no findings.1bundle written, findings present.2scan or IO error.
Example
vulkro cra-bundle . --framework iso27001 -o cra-readiness.zip
Related
vulkro sbom- the SBOM formats stapled into the bundle.vulkro compliance-pack- the evidence pack alone.- Compliance overview - the supported frameworks.