The Common Security Advisory Framework (CSAF) is the modern standard for machine-readable vulnerability advisories. Exporting and publishing your vulnerability data in CSAF format is increasingly becoming a mandate for regulatory compliance, including under the Cyber Resilience Act (CRA), as it enables automated ingestion and analysis by downstream consumers and ecosystem partners. The CVD Portal fully automates the generation and distribution of CSAF documents.
When a vulnerability reaches the disclosure phase, the portal automatically compiles the relevant data—including CVSS scores, affected product versions, remediation details, and descriptions—into a compliant CSAF JSON format. This eliminates the manual effort and potential for errors associated with crafting traditional, human-readable advisories. The portal supports multiple CSAF profiles, ensuring compatibility with various industry requirements.
Publishing CSAF documents allows your customers and partners to automatically update their security tooling, drastically reducing the time it takes for the broader ecosystem to protect against newly disclosed threats. The portal can securely host these documents or integrate with your existing content delivery networks, providing a verifiable and reliable source of truth for your organization's security advisories.