Vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
| Category | Vulnerability Management |
|---|---|
| Community Stars | 11172 |
| Last Commit | last week |
| Last page update | 19 days ago |
| Pricing Details | Free and open-source |
| Target Audience | System administrators, security professionals, DevOps teams. |

Vuls performs continuous vulnerability scanning across diverse operating systems, including Linux, FreeBSD, Windows, and macOS, without the need for agents. It is written in Go and draws on multiple vulnerability databases such as NVD and OVAL, along with security advisories from vendors like Red Hat and Debian.
Technically, Vuls operates in several modes: remote, local, and server. In remote mode, it connects to target servers via SSH to collect software information and perform scans. For environments where SSH is not desirable, Vuls can operate in local scan mode, where commands are executed directly on the target server to collect data, which is then sent to the Vuls server via HTTP. This flexibility allows for comprehensive vulnerability scanning without the overhead of deploying agents on each server.
Key operational considerations include the requirement for specific packages such as SQLite3, MySQL, PostgreSQL, or Redis for database storage, along with Go version 1.18 or later. The setup involves cloning and installing several Go-based dictionaries (e.g., go-cve-dictionary, goval-dictionary) to fetch vulnerability data from various sources. This process can be automated using tools like vulsctl, which simplifies the setup using Docker commands.
Limitations include the lack of automatic package updates; Vuls only identifies vulnerabilities but does not update the vulnerable packages. Additionally, database schema changes during updates do not support migration, requiring the use of a new database if the schema is altered.
In terms of specific technical details, Vuls supports a wide range of operating systems and can scan not only OS packages but also libraries, self-compiled software, and network devices. It integrates with Continuous Integration (CI) pipelines, allowing daily scans, and supports notifications via email and Slack. The scan results can be viewed using a terminal-based user interface (TUI) or a web UI (VulsRepo).