Stack Canary
← All tools

CRA Compliance Templates

Free, ready-to-use templates for key CRA documentation requirements. Download and adapt for your product.

🛡️

Vulnerability Disclosure Policy

A ready-to-adapt coordinated vulnerability disclosure (CVD) policy template, covering intake process, response timelines, safe harbor language, and public disclosure procedures. Required under CRA Annex I, Part II.

Download MarkdownAnnex I, Part II, (5)
📋

SBOM Example (CycloneDX)

A realistic CycloneDX 1.5 SBOM example for an embedded product with RTOS components, third-party libraries, and proper CPE/PURL identifiers. Use as a reference for your own SBOM generation pipeline.

Download JSONAnnex I, Part II, (1)
📝

Technical Documentation Outline

Structured outline for CRA-required technical documentation, including product description, risk assessment, security architecture, conformity assessment references, and SBOM placement.

Download MarkdownArticle 31

Need help with CRA compliance?

Start with our free assessment to identify your product's specific compliance gaps and get personalized recommendations.

Take the CRA assessment