feat(cra): two-lane breadth — CRA-specific corpus + technical depth

All 6 security use_cases are atom-grain now. Per finding we draw two lanes: the CRA corpus (use_case=cra, the most on-point CRA obligations) + the technical depth (code_security for secure-dev, else network_security). Controls merged, deduped, each tagged with its use_case (shown in the best-practice depth). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-14 12:23:37 +02:00
parent a06c64af48
commit 398eaf3c36
4 changed files with 37 additions and 34 deletions
@@ -130,12 +130,14 @@ function FindingsTable({ findings }: { findings: CRAFinding[] }) {
                    {f.regulatory_breadth && f.regulatory_breadth.length > 0 && (
                      <div className="mt-2">
                        <p className="text-[10px] text-gray-400 mb-1">
-                          Regulatorische Breite{f.sub_topic ? ` — ${f.sub_topic}` : ''}
-                          {f.breadth_use_case ? ` · ${f.breadth_use_case}` : ''} (NIST/OWASP/ENISA-Quellen)
+                          Regulatorische Breite{f.sub_topic ? ` — ${f.sub_topic}` : ''} (CRA + NIST/OWASP/ENISA-Quellen)
                        </p>
                        <ul className="space-y-0.5">
                          {f.regulatory_breadth.map((c) => (
                            <li key={c.control_id} className="text-[10px] text-gray-600 dark:text-gray-300">
+                              {c.use_case && (
+                                <span className="inline-block rounded bg-gray-200 text-gray-600 dark:bg-gray-600 dark:text-gray-200 px-1 py-0.5 text-[9px] mr-1">{c.use_case}</span>
+                              )}
                              <span className="font-mono text-gray-500">{c.control_id}</span> {c.title}
                              <span className="text-gray-400"> · {c.source_regulation}</span>
                            </li>