ProofwrightWalkthrough

Generating a CRA dossier

How SBOMs, scans, and decisions compile into audit-ready technical documentation.

How the evidence you already collect compiles into audit-ready technical documentation.

1

Pull the SBOM

The current release's component inventory — the foundation the rest of the dossier references.

2

Attach vulnerability status

Every finding with its VEX decision — what's affected, what's not, and why.

3

Include the readiness assessment

Score against the CRA essential requirements, with gaps and how they were closed.

4

Compile the dossier

One document assembled from live evidence — regenerating as the product changes.

this is Proofwright

It's live.

See the real thing at Proofwright.