domain: cra
version: "1.0"
description: "Cyber Resilience Act spezifische Abhaengigkeiten"

rules:
  - name: sbom_triggers_vuln_monitoring
    description: "SBOM fuehrt zu Schwachstellenmonitoring-Pflicht"
    source_match:
      title_contains: ["SBOM", "Komponentenverzeichnis"]
    target_match:
      title_contains: ["Schwachstellenmonitoring", "Vulnerability Monitoring"]
    dependency_type: prerequisite
    condition:
      field: source.status
      op: "=="
      value: pass
    effect:
      set_status: review_required
    priority: 40

  - name: ce_partially_satisfies_evidence
    description: "CE-Zertifizierung ersetzt Teile der Einzelnachweise"
    source_match:
      title_contains: ["CE-Konformitaet", "CE-Zertifizierung", "Konformitaetserklaerung"]
    target_match:
      title_contains: ["Einzelnachweis", "Konformitaetsnachweis"]
    dependency_type: compensating_control
    condition:
      field: source.status
      op: "=="
      value: pass
    effect:
      set_status: compensated_fail
    priority: 80