CVD Portal integration — how the handoff works
The Vulnerability Disclosure page (https://app.cra.portaregulus.com/cvd) connects your workspace to CVD Portal (https://cvdportal.com), the companion product where security researchers file vulnerability reports against your products. A coordinated vulnerability disclosure (CVD) policy is mandatory under CRA Annex I Part II point 5.
Finding this page
You can reach the Vulnerability Disclosure page from the sidebar at any time. Two prompts also point you to it. The dashboard shows a card explaining that CRA Articles 13(6) and 14 require a disclosure channel and ENISA reporting, which you can dismiss. The conformity export page shows a one-line prompt once you have drafted the Annex V declaration of conformity or the Annex VII technical-documentation index, since that documentation references a CVD policy.
Registering a product
The Register with CVD Portal button lists the currently selected product on your public disclosure page so researchers can report vulnerabilities against it. Registration is keyed on the product's internal id, so registering the same product again is safe. It updates the existing entry rather than creating a duplicate.
Re-register after renaming a product. New reports stay linked to the product through a stable identifier, but the portal's public product list shows the name it was registered under, so a re-register keeps it in sync.
The page shows a persistent registration state. A product that has never been registered gets a one-step setup card, and a registered product shows a Registered confirmation with a Re-register button.
Opening CVD Portal
The Open CVD Portal button signs you into cvdportal.com in a new tab, no separate password needed.
- If you have never used CVD Portal, you join a shared workspace as a read-only Member. You can view submissions and their details but cannot change status, severity, or settings. The header chip in CVD Portal shows "Member · read-only".
- If your email address already has its own CVD Portal account, you are signed into that account instead. Your own workspace does not contain the products or reports shown on this page. Those live in the shared integration workspace. A banner on arrival explains which account you landed in.
Each row in the Submissions table has an open icon that jumps straight to that report's detail page in CVD Portal.
To come back, use the CRA Compliance Tool link in CVD Portal's sidebar (shown to shared-workspace users).
If the Open CVD Portal button is greyed out, single sign-on is not configured on this deployment. Contact the team via Feedback & Support.
Why the Submissions table can show zero rows
- The product is not registered yet. Register it first.
- The product was renamed and older reports (filed before the rename) were matched by name. Re-register the product; reports filed after the rename stay linked automatically.
- The portal could not be reached. This shows as a warning with a Retry button, never as an empty list.
- More than 100 reports exist. The table shows the latest 100 and says so under the table; the full history is in CVD Portal.
Refresh and data freshness
Each card shows a "Data as of" time. The Refresh button always fetches live data from CVD Portal. Without it, data can be up to a few minutes old.