The Cyber Resilience Act (CRA) will be arriving in the European Union in 2027, and with it a lot of new obligations. What we already consider good practices in our software industry today will be required by law tomorrow. In this talk, we will take a look at what's inside the CRA, who will be affected by it, and what new requirements we will have to fulfil. After that, we will take a look at tooling to generate Software Bill of Materials (SBOMs) for our .NET and JavaScript projects, as well as how to visualise and integrate them into existing CI workflows. Last but not least, we will take a look at how to handle the required vulnerability management with (semi-)automated dependency updates by utilising tools like Dependabot or Renovate and how to reduce dependencies with distroless images.