Skip to main content

Quick Start Guide

CVD Portal helps manufacturers meet the EU Cyber Resilience Act's coordinated vulnerability disclosure obligations (CRA Annex I Part II point 5). It gives your company a branded, public vulnerability disclosure portal, a submissions inbox to triage reports, and tooling for advisories and compliance evidence. This guide takes you live in four steps.

1. Create your account

Sign up with email or a Google or GitHub account. We send a verification link to confirm your address before you build your company workspace. Public email domains such as gmail.com cannot be used to create new accounts, which prevents brand impersonation.

Registration screen

2. Set up your workspace

From the dashboard, name your company and choose a unique portal slug such as acme-corp. The slug becomes your public reporting address at acme-corp.cvdportal.com. Invite teammates as ADMIN or MEMBER, and add your logo for a whitelabel portal.

Workspace setup in the dashboard

3. Publish your CVD policy

Define what is in scope, how researchers should report, and your expected response times. The portal generates a matching security.txt so your disclosure contact is discoverable per RFC 9116.

CVD policy editor

4. Share your portal

Link to your public portal from your corporate website and your security.txt file. Researchers submit reports there, and your team triages them from the dashboard with a full CRA audit trail.

Public researcher submission portal

Key areas of the app

Where to do X in the app

Plans

CVD Portal has FREE, PRO, and ENTERPRISE plans. New companies can trial PRO features. PRO adds analytics, CSAF export, SBOM, hardware registry, monitoring sources, obligations drafting, security reviews, team members, and threat intel. ENTERPRISE adds the CRA scanner, API access, and EUDI wallet identity features. Upgrade under Billing (https://cvdportal.com/billing).