CRAGuard Compliance Portal for the EU Cyber Resilience Act

CRAGuard automates EU Cyber Resilience Act compliance for WordPress. Generate SBOMs, deploy secure VDPs, and track 24h ENISA deadlines.

External Services

This plugin acts as a client connecting to a secure, external API gateway (hosted on Supabase) to process and store Vulnerability Disclosure Program (VDP) reports remotely. This prevents sensitive zero-day exploit data from being exposed in your local WordPress database.

• Service Used: Supabase (Backend-as-a-Service API)
• Data Sent: When a user submits a VDP bug report form, the plugin securely transmits the Site URL, Reporter Email, and Vulnerability Details to the external database via Edge Functions. The plugin also connects to this service to verify API license keys and retrieve active threat telemetry for the premium dashboard.
• Supabase Privacy Policy: https://supabase.com/privacy
• Supabase Terms of Service: https://supabase.com/terms

Features Engineered for CRA Compliance

CRAGuard provides the core architecture necessary to satisfy EU market regulations, protecting your clients and maintaining strict security telemetry logs.

Core Architecture (100% Free Edition):

• Vulnerability Disclosure Program (VDP): Instantly deploy a secure, encrypted front-end reporting portal using the [craguard_vdp] shortcode to satisfy the CRA mandate for a public researcher point-of-contact.
• 1-Click SBOM Generator: Programmatically maps your active WordPress environment (core, themes, plugins) and exports a legally compliant Software Bill of Materials (SBOM) in JSON format.
• 24/7 Background System Scanner: An automated cron engine scans your server architecture every 24 hours for high-risk vulnerabilities (outdated core software, missing SSL, open registration parameters) and issues immediate local alerts.

Premium Cloud API Infrastructure:

For agencies managing critical B2B infrastructure or high-volume client sites, the premium tier connects the plugin to our secure cloud environment:
* Encrypted Cloud Telemetry: Routes incoming bug reports securely to a centralized database via our API Gateway, preventing zero-day vulnerabilities from sitting in your local database.
* VDP Cloud Telemetry Dashboard: View and manage external security logs directly from your WordPress admin panel.
* 24-Hour ENISA Urgency Dashboard: Tracks active, unresolved security incidents with a live, visual countdown timer pulling from cloud telemetry, ensuring your development team never misses a mandatory reporting deadline.

1. Upload the craguard-compliance-portal folder to your /wp-content/plugins/ directory.
2. Activate the plugin through the ‘Plugins’ menu in your WordPress dashboard.
3. Click on the new “CRA Compliance” terminal in your admin sidebar.
4. Create a new public page (e.g., yourdomain.com/security) and paste the [craguard_vdp] shortcode to deploy your live reporting form.

1.1.0

• Unlocked Local SBOM Generator and Automated Background Scanner for all users (100% free).
• Shifted Premium architecture to exclusively manage Cloud API Telemetry and data segregation.
• Documented external API usage (Supabase) in readme.txt for Guideline 6 compliance.
• Enqueued JS/CSS natively, replacing inline HTML script/style tags.

1.0.1

• Hardened nonce sanitization protocols for strict WordPress repository compliance.
• Upgraded architecture from manual scanning to a 24-hour automated background cron scanner.
• Optimized dashboard UI and updated plugin slug for repository indexing standards.

1.0.0

• Initial Production Release.
• Deployed secure VDP shortcode routing and CRA compliance terminal.