Keynote presentation that cuts through the confusion surrounding the European Union's Cyber Resilience Act (CRA) and its implications for cloud native technologies. Explore how the CRA affects both the software you create and the dependencies you rely on, with expert guidance from Eddie Knight (OSPO Lead at Sonatype) and Michael Lieberman (CTO at Kusari). As leaders of CNCF's Technical Advisory Group for Security and maintainers of the OpenSSF Security Baseline, the speakers provide valuable insights on navigating CRA compliance. Learn through this light-hearted exploration how cloud technology, open source projects, and end users can benefit from the CRA while understanding how software creators can avoid legal pitfalls. This 15-minute talk was presented at a CNCF event, part of the KubeCon + CloudNativeCon conference series.