{% if domain %}{% endif %} CRA Compliance Report - Finite State Report
{% if logo_path %}
{% else %}
{% endif %}

CRA Compliance Report

EU Cyber Resilience Act — Exploited Vulnerability Assessment
Report: CRA Compliance | Generated: {{ generated_at }} | Scope: {{ scope_label | default('All Projects') }}
{% if summary.total_count | default(0) > 0 %}
⚠ CRA Notification Obligation: {{ summary.total_count }} actively exploited vulnerabilit{{ 'y' if summary.total_count == 1 else 'ies' }} detected. EU CRA Article 14 requires notification to ENISA within 24 hours.
{% endif %}
Total Findings
0 %}style="color: #dc2626;"{% endif %}>{{ summary.total_count | default(0) }}
KEV Listed
0 %}style="color: #dc2626;"{% endif %}>{{ summary.kev_count | default(0) }}
Known Exploits
0 %}style="color: #ea580c;"{% endif %}>{{ summary.known_exploit_count | default(0) }}
Critical
0 %}style="color: #7f1d1d;"{% endif %}>{{ summary.critical_count | default(0) }}
High
0 %}style="color: #ea580c;"{% endif %}>{{ summary.high_count | default(0) }}
Open
{{ summary.open_count | default(0) }}
Triaged
{{ summary.triaged_count | default(0) }}
{% if project_dossiers and project_dossiers | length > 0 %}

Affected Projects

{{ project_dossiers | length }} project(s) contain actively exploited vulnerabilities requiring CRA notification assessment.

{% for dossier in project_dossiers %}
{{ dossier.project_name }} {% if dossier.critical_count > 0 %} {{ dossier.critical_count }} Critical {% endif %} {% if dossier.high_count > 0 %} {{ dossier.high_count }} High {% endif %} {% if dossier.kev_count > 0 %} {{ dossier.kev_count }} KEV {% endif %} {% if dossier.exploit_count > 0 %} {{ dossier.exploit_count }} Exploit {% endif %} {{ dossier.finding_count }} finding(s)
{% if dossier.top_cves %} {% for cve in dossier.top_cves %} {% endfor %}
CVE ID Severity CVSS Component CRA Trigger
{{ cve.cve_id }} {{ cve.severity }} {{ "%.1f"|format(cve.cvss_score) if cve.cvss_score else "—" }} {{ cve.component }} {{ cve.cra_trigger }}
{% if dossier.finding_count > 5 %}

Showing top 5 of {{ dossier.finding_count }} findings. See full findings table below for details.

{% endif %} {% endif %}
{% endfor %}
{% endif %} {% if cra_findings and cra_findings | length > 0 %}

All CRA-Relevant Findings

{% for row in cra_findings %} {% endfor %}
CVE ID Severity CVSS Component Project CRA Trigger Status EPSS Score
{{ row.cve_id }} {{ row.severity }} {{ "%.1f"|format(row.cvss_score) if row.cvss_score else "—" }} {{ row.component }}{% if row.component_version %} {{ row.component_version }}{% endif %} {{ row.project }}{% if row.project_version %} ({{ row.project_version }}){% endif %} {{ row.cra_trigger }} {{ row.status }} {% if row.epss_score is not none %}{{ '%.4f' | format(row.epss_score) }}{% else %}—{% endif %}
{% endif %}

Generated by | {{ generated_at }}

Copyright © 2026 Finite State, Inc.

{% include '_action_buttons.html' %}