Documentation

CVD Portal Documentation

Everything you need to deploy, configure, and operate your CRA-compliant vulnerability disclosure program.

Getting Started API Reference CRA Compliance

Getting Started

Set up your CVD Portal workspace and configure your first disclosure workflow.

Quick Start Guide

Creating Your Company Workspace

Publishing Your CVD Policy URL

Configuring Your security.txt

Inviting Team Members & Roles

Receiving Vulnerability Reports

How researchers submit reports and how your team triages them.

Public Submission Form

Anonymous & PGP-Encrypted Reports

48-Hour Acknowledgment SLA

Submission Lifecycle & Statuses

Coordinator AssignmentNew

Triage & Verification

Assess, verify, and prioritize vulnerability reports.

CVSS 3.1 CalculatorNew

Requesting Additional Information

Risk Assessment Workflow

Severity-Based Prioritization

Remediation & Release

Document decisions, track fixes, and publish advisories.

Remediation Decision Tracking

CSAF 2.0 Advisory Export

User Advisory Generation

Post-Release Verification

Supply Chain & SBOM

Manage your software and hardware bill of materials.

SBOM Registry (SPDX / CycloneDX)

Hardware Component Registry

NVD Threat Intelligence Integration

Monitoring Source Configuration

Upstream Component Reporting

CRA Compliance

Map your obligations and track regulatory readiness.

CRA Obligation Matrix

Article 14 Authority Notifications

24-Hour Early Warning Workflow

Audit Log & Evidence Trail

Compliance Analytics Dashboard

API Reference

Programmatic access to your CVD Portal data.

REST API Overview

Authentication & API Keys

Vulnerability Submission Endpoint

Compliance Status Endpoint

Webhook Integration

AI Agent Skills

Administration

Workspace settings, billing, and team management.

Notification Preferences

Security Reviews & Test Plans

Billing & Subscription Tiers

Data Export & Portability

Need help?

Can't find what you're looking for? Our team is here to help.

Contact Support