While the web form is ideal for external researchers, internal security tools and automated scanners require a programmatic way to report findings. The CVD Portal API enables you to Automate Submissions directly from your SAST, DAST, and bug bounty platforms. This centralized ingestion ensures that all vulnerabilities, regardless of their source, are tracked and managed within a single, CRA-compliant framework.
The submission endpoint accepts structured JSON payloads containing all necessary vulnerability details, including descriptions, affected components, and initial severity assessments. This allows your automated tooling to directly populate the triage queue, immediately initiating the required SLA timers. The API also supports the secure upload of supporting evidence, such as scan logs or proof-of-concept scripts.
By centralizing ingestion via the API, you eliminate siloed vulnerability data and ensure that your triage teams have a comprehensive, prioritized view of the organization's entire risk landscape, enabling faster and more coordinated remediation efforts.