CRA Compliance
Vulnerability management for connected products
The EU Cyber Resilience Act mandates that manufacturers of products with digital elements identify, track, and remediate vulnerabilities throughout their product lifecycle. Centraleyezer supports the evidence trail, disclosure workflows, and risk-based prioritisation the CRA requires; your team owns the CRA notifications themselves.
How Centraleyezer covers CRA Compliance
Centraleyezer maps directly to the technical requirements, with built-in evidence collection so audits are fast.
Vulnerability identification and management
Centraleyezer continuously ingests vulnerability data from your scanners and maps findings to affected product components, giving you an auditable record of every identified vulnerability.
Coordinated vulnerability disclosure policy
Remediation workflows and audit trails document when vulnerabilities were identified, assessed, and addressed: the structured record needed for responsible disclosure to ENISA and national authorities.
Reporting obligations to ENISA
Automated evidence collection captures contextual risk score, asset scope, exposure, and remediation timelines: the data points your team needs when preparing 24-hour and 72-hour CRA notifications. Centraleyezer does not file the notifications themselves.
Secure by default: no known exploitable vulnerabilities
Risk scoring combines DREAD, asset criticality, network exposure, exploitability, and CTI signals. Any known exploitable finding blocking a release is flagged automatically with an SLA breach alert.
Security update handling throughout support period
Findings lifecycle tracks open → in remediation → verified status. Every state change is timestamped and attributed, creating the support-period audit trail the CRA requires.
Software bill of materials (SBOM) and component tracking
Software inventory and supply chain tracking modules catalogue software components and their versions, supporting SBOM generation and third-party component vulnerability management.
Read more
- CVSS scores aren't enough: contextual RBVM
Contextual risk scoring as the basis for CRA 'actively exploited' determinations.
- RBVM vs Traditional Vulnerability Management
Why CVE-only tracking fails the lifecycle requirements of CRA Annex I.