From Compliance To Code: The Cyber Resilience Act, SBOMs, DevTeams an... Marcus Ross & Peter Dickten

Join us at the premier vendor-neutral open source conference, where developers and technologists come together to collaborate, share knowledge, and explore the latest innovations and advancements in open source technology. Learn more at https://events.linuxfoundation.org/ From Compliance To Code: The Cyber Resilience Act, SBOMs, DevTeams and YOU! - Marcus Ross, Hamburg Port Authority AöR & Peter Dickten, dcs-fuerth Germany The EU Cyber Resilience Act (CRA) is reshaping how manufacturers and developers must secure their products—but what does it mean for your Developer platforms, DevOps pipelines, and DevTeams? In this session, we’ll share a real-world implementation for SBOMs (Technical Guideline TR-03183 from the Federal Office of Information Security). We demonstrate how to technically address CRA mandates without drowning in compliance overhead. You will leave with - Understand the CRA’s impact on your Developers and Management even outside the EU (and why ignoring it isn’t an option). - See a production-ready workflow for SBOMs, vulnerability management, and compliance automation with OpenSource-Tools (DependencyTrack, CentralCyclone, GitOps). - Actionable insights on integrating CRA requirements with SBOM handling into your CI/CD pipelines. - A clear "why this matters" for your org., and lessons from the trenches of securing critical infrastructure with Kubernetes. - Get a checklist for team adoption - because compliance is a cultural challenge, not just a technical one.