Skip to main content

vulkro cra-bundle

Build a CRA (EU Cyber Resilience Act) readiness bundle: one zip stapling a CycloneDX and SPDX SBOM, an OpenVEX exploitability document, and a compliance evidence pack, with a self-contained CRA-readiness one-pager index. Fully offline. Included in the 14-day trial and in Pro.

Framed as readiness evidence, not a conformance attestation.

Usage

vulkro cra-bundle [PATH] --framework soc2 -o cra-readiness.zip
ArgumentDescriptionDefault
PATHPath to the project root..

Flags

FlagDescriptionDefault
--framework <FRAMEWORK>Framework for the bundled compliance evidence pack.soc2
--output, -o <OUTPUT>Output zip path../cra-readiness.zip

Framework values: soc2, iso27001, hipaa, pci-dss-4-0, nist-800-53, soc2-full. (Salesforce-specific frameworks such as cis-sf, hitrust, fedramp-moderate, nist-800-171, stateramp, and sox-itgc are also accepted and are documented under the Salesforce section.)

Exit codes

  • 0 bundle written, no findings.
  • 1 bundle written, findings present.
  • 2 scan or IO error.

Example

vulkro cra-bundle . --framework iso27001 -o cra-readiness.zip