← All tools
Free Tool

security.txt Generator

Generate a standards-compliant security.txt file (RFC 9116) for your product or website. Required by the EU Cyber Resilience Act to make your vulnerability reporting contact discoverable.

Required. Primary email for vulnerability reports.

A web form or portal URL as an additional Contact.

Link to your public coordinated vulnerability disclosure policy.

RFC 9116 requires an expiry date. Update annually.

Link to your PGP public key for encrypted reports.

Link to your CSAF 2.0 advisory feed. Increasingly expected under CRA Annex I.

/.well-known/security.txt
# security.txt — https://securitytxt.org

Contact: mailto:[email protected]
Preferred-Languages: en
Expires: 2027-04-02T08:44:15+00:00

Upload this file to /.well-known/security.txt on your web server. CVD Portal generates and hosts your security.txt automatically.

Frequently asked

What is security.txt?
security.txt is a proposed standard (RFC 9116) that defines a file format for websites and products to communicate their security contact information. It is placed at /.well-known/security.txt and tells security researchers how to report vulnerabilities.
Is security.txt required by the CRA?
The CRA requires a publicly accessible single point of contact for vulnerability reporting (Article 13). A security.txt file is the most widely-adopted way to publish this contact — it is discoverable by researchers, automated scanners, and CVD platforms.
Where do I publish the security.txt file?
Place the file at /.well-known/security.txt on your website. For products without a web presence, link to the security.txt from your product documentation or CVD policy page.
Does the Expires field matter?
Yes — RFC 9116 requires an Expires field. Researchers and tools use it to verify the file is current. Set it 1 year ahead and update annually. CVD Portal updates your security.txt automatically.

Ready to automate your CVD programme?

CVD Portal integrates all these tools and handles your Article 13 and 14 obligations automatically.

Start your free portal →