The Cyber Resilience Act (CRA) is aimed at improving the security and resilience of the software components within a digital product. This session will provide a high level overview of the CRA and demonstrate how to enhance software supply chain transparency, manage risks effectively throughout the Software Development Lifecycle (SDLC), and achieve the necessary compliance by leveraging a suite of open-source Python tools.

Key areas to be addressed will include:

• Learn how to create comprehensive and high quality SBOMs to gain a clear understanding of all components within your software.
• Discover how to identify and mitigate potential risks and threats within the software supply chain throughout the entire SDLC.
• Explore effective strategies for identifying, assessing, prioritising and remediating software vulnerabilities.
• Understand how to adopt best practices to ensure compliance with relevant regulations and industry standards.

The Python tools/applications to be referenced will include sbom4python, lib4sbom, lib4vex, lib4package, distro2sbom, sbomdiff, sbomaudit and cve-bin-tool.