Last Updated: February 13, 2026
This document outlines the software security measures applied to the django-exemple project (Newspaper API), with a policy style aligned with the EU Cyber Resilience Act (CRA) expectations.
- All Python runtime dependencies are pinned in
requirements.txt. - A Software Bill of Materials (SBOM) is generated in CycloneDX JSON format (
sbom.json). - Vulnerability audits are run with
pip-audit.
pip-audit -r requirements.txt > audit-report.txtdocker compose exec web pip-audit -r requirements.txt > audit-report.txtcyclonedx-py requirements --output-file sbom.json --output-format json- Date: February 13, 2026
- Tool:
pip-audit - Result: No known vulnerabilities found
- SBOM generated:
sbom.json
- After each dependency update
- Before every major release
- In CI on pull requests (recommended)
- An audit report (
audit-report.txt) is retained. - Internal impact analysis is performed for each finding.
- Critical vulnerability target SLA: mitigation or patch within 72 hours.