MMCRA Toolkit Features

The EU Cyber Resilience Act, article by article

Regulation (EU) 2024/2847 — what each article means for someone shipping a commercial WordPress plugin into the EU market. Written without legalese. Updated as ENISA publishes harmonised standards.

SBOM generator

Generate a valid CycloneDX 1.6 Software Bill of Materials for your WordPress plugin in one click. MMCRA Toolkit reads your composer.lock and package-lock.json and emits PURLs, licenses, and supplier metadata — the dependency inventory CRA Annex II expects.

Plugin Scanner

Map your plugin's attack surface the way an auditor would: REST routes, AJAX handlers, capability checks, custom tables, outbound HTTP, and risk flags, written up as HTML and JSON for your CRA technical file.

Vulnerability Disclosure Policy

Draft and publish a vulnerability disclosure policy along ISO/IEC 29147 lines, with the [mmcra_vdp] shortcode and a rate-limited intake form. Give researchers the discoverable reporting channel CRA Article 13 requires — published from inside WordPress in minutes.

EU Declaration of Conformity

Produce a signed EU Declaration of Conformity for each plugin you ship, structured to CRA Annex V. MMCRA Toolkit fills in manufacturer identity, applied standards, and conformity route from your settings — export to HTML, print to PDF, sign, and file.

Vulnerability monitoring & incident reporting

Check every dependency in your plugin against OSV.dev — on demand in free, on a weekly cron with email alerts and AI triage in Pro. The ongoing vulnerability handling CRA Article 14 expects, running quietly inside your WordPress.