CRAdarCheck

SBOM vulnerability scanner

The CRA (Annex I Part II) requires you to know your components and their vulnerabilities. Paste an SBOM, get the answer. Don't have an SBOM yet? Run syft . -o cyclonedx-json in your repo.

Processed in memory, never stored. Vulnerability data: OSV.dev (Google's open vulnerability database).