A portfolio is not about projects at least you are talking about project portfolio. That´s is critical to understand because the portfolio exceeds project and programs and project portfolios. So, creating risks for company portfolios is an activity that must be than with enough level of abstraction to instantiate it into project portfolio risks.
You can derive many metrics for your portfolio depending on your need. For example:
(1) Number of risky projects - a simple measure
(2) Number of cross-project risks - those risks that are capable of causing risks in other projects
(3) Depth of related risks tree - if you have (2), then you can estimate how deep a risk trigger could go
I understand that some project risks could also be portfolio-level risks. But, the PM has to ensure the success of each project. Therefore, I don't think that there is a way out of risk assessment for each project within the portfolio.