The Linux vulnerability scanner to enhance your security system

Easily detect, analyze and monitor the Common Vulnerabilities & Exposures of your embedded Linux system with CVE Scan

Detect

Discover the precise CVEs of your system with an automatic comparison between public CVE databases, your image & Linux kernel configurations.

Analyze

Determine which vulnerabilities put your device at risk with visual reports including scoring & detailed information. Refine the results with annotations.

Monitor

Keep an eye on how your cybersecurity risk evolves by integrating CVE tracking into your CI pipelines and monitoring dashboards.

Linux CVEs automatically monitored for you

Save time & resources with a Linux vulnerability scanner that monitors CVEs for you, day after day. Report to your team easily with user-friendly dashboards.

Accurate SBOM generation

CVE Scan eliminates false positives by precisely comparing CVE data against your configuration and kernel details, and generates an SBOM. Through annotation and whitelisting, Linux CVE results are refined over time and managed directly in your Git repository.

CI/CD integration

Integrated into the CI pipeline, the tool streamlines daily vulnerability monitoring, offering a comprehensive solution for security-conscious development environments.

Decisions documentation & reports generation

Export analysis results as CSV files and report to your team easily with user-friendly dashboards.

Comply with the European Cyber Resilience Act (CRA)

With the upcoming Cyber Resilience Act (CRA), you’ll need to monitor and patch your vulnerabilities regularly for products deployed in Europe. CVE Scan helps you comply with this regulation and save time on your security maintenance activities.

CVE Scan, our Linux vulnerability scanner, includes:

Get your first scan for free

Get a free assessment of your embedded Linux system’s current vulnerabilities.

What you need to know

CVE stands for Common Vulnerabilities and Exposures: another acronym for known cybersecurity vulnerabilities in software and hardware products.
Check out our blog post on how to monitor your vulnerabilities.

No, but with the license you get perpetual access to the source code of our CVE scanner. You will have all the needed source code and documentation to rebuild your own Linux vulnerability scanner on your side. The license provides you with access to updates for one year. Then, if you wish to continue receiving the latest updates and fixes, you have the option to subscribe annually.

No, our Linux vulnerability scanner does not impose any restrictions regarding the number of scans nor embedded Linux systems scanned. You have full ownership of the source code and can use it for all your embedded Linux systems, for an indefinite duration.

CVE Scan is seamlessly compatible with embedded Linux systems built with the Yocto Project and Buildroot. Should you be utilizing a different embedded Linux system, integration remains possible; however, it might entail a minor code adjustment to ensure optimal functionality.

CVE Scan provides a higher level of automated analysis accuracy, including advanced matching on package names and versions, detection of Yocto patches and kernel fix commits (including cherry-picks), and utilization of kernel configuration for analysis. In contrast, CVE check offers more basic capabilities, ignoring kernel configuration and reporting CVEs for all recipes involved in the build. CVE Scan offers an optimized manual analysis with annotations, allowing for detailed investigation, while CVE check provides an unoptimized manual analysis without the provision for manual annotations. Finally, The Embedded Kit Linux vulnerability scanner involves a one-time fee and a yearly maintenance fee, while CVE check is provided for free.

We are currently working with a research laboratory and the BPI on a machine learning algorithm to detect abnormal situations and vulnerabilities. Learn more about the results of our collaboration here. 

Our Linux vulnerability scanner fetches known CVE lists from the NIST public database and the Ubuntu tracker.