The EU Cyber Resilience Act requires continuous compliance evidence from your software development process. Reporting obligations start in September 2026. Check your readiness below — then scan your repo for free.
Until CRA reporting obligations begin (Article 14)
Can your team answer yes to these today? Tick what you have in place.
Start your assessment to see where you stand.
Most teams have 4-6 months of work to close critical gaps. Run a free scan to get your personalised roadmap.
Scan Your Repo Free →No sign-up required. Read-only access. Your code is never stored.
21 Essential Requirements, 5 Categories
Annex I of the Cyber Resilience Act defines what every software product must demonstrate. Concordance maps your engineering practices to each requirement automatically.
Products delivered with secure defaults, minimal attack surface, limited exploit impact
Confidentiality, integrity and availability of stored, transmitted and processed data
Protection against unauthorised access, logging of security-relevant events
Availability functions, resilience and mitigation against denial-of-service
Identification, documentation, remediation and disclosure of vulnerabilities
From evidence gap to audit-ready in weeks, not months.
OAuth to GitHub, GitLab, or Bitbucket. Read-only. 60 seconds.
50 engineering protocols scored from real toolchain data. Not surveys.
Every protocol maps to specific Annex I requirements with evidence strength.
Prioritised remediation playbook. Close critical gaps first.
Don't wait for your auditor to tell you.
Teams that start now will have 4+ months of continuous evidence by the September deadline. Teams that wait will be scrambling.