Operational evidence, not legal advice
CRA Ledger helps organize readiness evidence and workflow history. It does not provide legal advice or determine legal obligations.
ABOUT CRA LEDGER
CRA Ledger is built by Obi Musturu, an independent product builder based near Munich, Germany. The product focuses on a practical problem: keeping SBOMs, vulnerability reviews, remediation context, audit activity, and readiness evidence connected to the product versions they belong to.
Origin
CRA readiness is not only a legal or documentation task; it requires operational proof. While software teams often already perform cybersecurity and security review work, the resulting evidence becomes scattered across SBOM files, vulnerability scanner exports, ticket trackers, spreadsheets, email approvals, and review notes.
CRA Ledger is designed to make that work reviewable by connecting product-version records, SBOM evidence, vulnerability decisions, remediation history, and audit activity. This keeps the technical context and compliance history intact in one place, ready when review or verification is required.
Builder
CRA Ledger is developed independently by Obi Musturu and shaped through practical feedback from software, security, and compliance practitioners as it matures.
Drawing on a background spanning hardware development, software engineering, and technical product work, the builder focuses on delivering a reliable and utility-first compliance evidence interface. By remaining independent, the product prioritizes simple, workflow-native solutions that align directly with what engineering teams actually do, without introducing team claims, certifications, legal authority, or formal audit status.
Trust & Scope
We believe transparency is key to building credible B2B security tools. CRA Ledger has a clear operational scope, outlined by these three principles:
CRA Ledger helps organize readiness evidence and workflow history. It does not provide legal advice or determine legal obligations.
The product does not provide CRA certification, notified body approval, or a guarantee of compliance.
Capabilities are presented honestly as available, partial, or planned so buyers can separate current product behavior from roadmap direction.
Next step
For product questions or early access, use the contact page. For security questions or responsible disclosure coordination, use the security contact page.