The Cyber Resilience Act (CRA) will be coming into effect in a few short years. The Zephyr project has been working towards making it easier for product makers to comply with the CRA over the last few years, and will continue to work with the community to refine these capabilities as more details become available.

From automatic "Build SBOM" generation to LTS vulnerability fixes, the project has some useful starting points already in place that will help product makers leveraging Zephyr in their solutions.

This talk will discuss what is available, and where some of the gaps will be for product makers to consider.