We are excited to announce the launch of CVEium CIS, a complete vulnerability disclosure management platform designed for EU CRA and US EO 14028 compliance.
What is included
Product and release management
Organize your software into products and track each version as a release. Each release follows an independent disclosure workflow.
SBOM upload and parsing
Upload SBOMs in CycloneDX or SPDX JSON format. CVEium automatically parses components, extracts PURLs, and computes file hashes for integrity verification.
Automated CVE scanning
Every uploaded SBOM is automatically scanned against 300,000+ known vulnerabilities from NVD, OSV, and other sources. Matches include CVSS scores, EPSS predictions, KEV status, and CWE classifications.
Vulnerability triage
Review each matched vulnerability and record a disposition: Affected, Not Affected, Fixed, or Under Investigation. Add justification and impact statements that flow into your VEX documents.
VEX document generation
Generate VEX documents in three industry-standard formats: CycloneDX VEX, OpenVEX, and CSAF. The approval workflow ensures documents are reviewed before publication.
Published disclosures
Publish approved VEX documents with public URLs, content hashes, and optional digital signatures. The public API enables machine-readable access for downstream consumers.
Team collaboration
Work together with role-based access control (Owner, Admin, Member), audit logging, and email notifications for new CVE matches.
Billing
Five plan tiers from Free to Enterprise, with usage-based limits for products, releases, team members, and published disclosures.
We look forward to helping you meet your vulnerability disclosure obligations.