The AboutCode stack provides you with the tools you need to support CRA Compliance activities, including code scanning and analysis, license identification, vulnerability management, and SBOM generation.
https://dejacode.readthedocs.io/en/latest/reference-3-cravex.html