The EU Cyber Resilience Act (CRA) sets new requirements for digital product security. In future, manufacturers will not only have to implement security measures, but also document them transparently. The Software Bill of Materials (SBOM) is a key tool for identifying security gaps, ensuring compliance and building trust in complex supply chains.

We demonstrate in a practical way how SBOMs can be used effectively in the CRA context – from the perspective of both manufacturers and consumers. This highlights how regulatory requirements can be implemented technically and organisationally and how companies are already benefiting from SBOMs today. Using a practical example, we will demonstrate the SBOM lifecycle in a compact form: creation during build, publication via container registr ...