CRAFree

SBOM & Dependency Audit Checker

Guided inventory and vulnerability audit of your software components. Generate a Software Bill of Materials (SBOM) to demonstrate CRA Annex I(1) compliance: no known exploitable vulnerabilities at market placement.

Product Name

Component Inventory

Check each box once you have listed all components in that category.

Open-source dependencies

npm/PyPI/Maven packages, Git dependencies, and any third-party open-source code

Commercial/proprietary components

Licensed libraries, closed-source SDKs, and vendor-supplied modules

OS and platform dependencies

Kernel, system libraries, runtime environments (Node.js, Python, JVM, etc.)

Firmware and drivers

Bootloaders, BIOS, device drivers, and microcode

Important Legal Disclaimer

This tool is a self-assessment aid only and does not constitute legal advice, a formally certified compliance assessment, or an independently audited report.

Outputs — including reports, scores, checklists, and generated documents — are for internal use and should be reviewed by a qualified legal representative or independent AI compliance auditor before being relied upon for regulatory, procurement, or public-disclosure purposes.

This tool does not replace a notified body conformity assessment where one is required under Art. 43(1) of the EU AI Act (e.g. biometric identification systems for law enforcement).

All assessment risk lies with the user. AIAuditRef, its developers, and staff accept no liability for losses arising from use of or reliance on these outputs. Always verify against official sources: the EU AI Act (Regulation 2024/1689) and your national enforcement authority.