Vulnerability Analyzer
An automated pipeline that evaluates your system inventory against global security intelligence to support EU Cyber Resilience Act (CRA) compliance. It tracks machine-readable Software Bills of Materials (SBOMs), cross-references active vulnerabilities against the National Vulnerability Database (NVD) and the EU Vulnerability Database (EUVD), and uses the Gemini AI engine to compile the risk assessment and End-of-Life (EOL) documentation required for market conformity.
⬡ Step 1: Install Dependencies & Libraries
⬡ Step 2: Run Retrieval Commands
To run the analysis and generate Cyber Resilience Act (CRA) evidence, please note the following file requirements:
- OPENVED.txt (Required): The active vulnerability list. The analysis cannot run without it.
- sbom.json (Optional): The Software Bill of Materials. While optional, it is strongly recommended to include component inventories in your final report.
- Version File (Optional): Used to identify the OS and determine its End-of-Life (EOL) status.
💡 Note: To generate full CRA evidence, you must provide both the vulnerability list and the SBOM. If the Version file is missing, the system will use the SBOM combined with AI to deduce the system's EOL.