Vulnerability Management Platform - now open for beta

Know every CVE that threatens your servers

One script, one API key. Your machines scan themselves with Trivy, send results to the platform, and you get a prioritized, audit-ready vulnerability dashboard in seconds.

No credit card. 14-day trial. Cancel anytime.

Security glossary

What is a CVE?

Every vulnerability in the wild has a unique CVE identifier. The platform enriches each CVE with EPSS exploitation probability, KEV status and CVSS score - so you always know where to focus first.

CVE

Common Vulnerabilities and Exposures

A standardized identifier (e.g. CVE-2024-1234) for every publicly known security vulnerability.

NVD

National Vulnerability Database

The US government's official registry of CVEs, enriched with CVSS scores and technical details.

CVSS

Common Vulnerability Scoring System

A 0–10 score measuring vulnerability severity: Critical (9–10), High (7–8.9), Medium (4–6.9), Low (0–3.9).

EPSS

Exploit Prediction Scoring System

Probability (0–100%) that a vulnerability will be actively exploited in the wild within 30 days.

KEV

Known Exploited Vulnerabilities

CISA's list of CVEs with confirmed active exploitation in real attacks. Highest priority for patching.

EOL

End of Life

Date after which a vendor stops providing security patches for a software version. Machines still running EOL OS are in the highest risk category.

CVSS Severity scale

CRITICAL: 9.0–10.0
HIGH: 7.0–8.9
MEDIUM: 4.0–6.9
LOW: 0.1–3.9

KEV flag (🔴) overrides any CVSS score - a KEV vulnerability demands immediate action regardless of its numeric score.

Zero-agent architecture

How it works

No daemons, no containers to maintain. One bash script using Trivy - the industry-standard open source scanner. Data flows to the platform only through your API key. Nothing sensitive ever leaves your machine.

1. Download the audit script

A single Bash script (audyt.sh). It auto-installs Trivy if not present. Requires only curl and jq - standard on every Linux server.

wget -O audyt.sh "https://secvalis.eu/api/agent/install/<TOKEN>" && chmod +x audyt.sh

2. Scan happens locally - only results leave the machine

Trivy scans the full rootfs and running Docker containers. Only vulnerability metadata (CVE IDs, package names, versions) is sent - never your actual files, configs or secrets.

./audyt.sh <YOUR_API_KEY>

3. Platform analyzes and prioritizes

Results are enriched with NVD data, EPSS exploitation probability and KEV status in real time. Dashboard shows exactly what needs fixing today vs. what can wait.
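The flow in steps 2 and 3, together with the KEV override from the glossary, as an added example; it is not the audyt.sh script or the platform's own code. Field names in the report follow Trivy's JSON output, while the payload key names, the enrichment table and the EPSS tie-break are assumptions, and all sample data is constructed.

```python
import json

# Trivy JSON field name -> key kept in the outgoing payload (key names are hypothetical).
ALLOWED = {"VulnerabilityID": "cve", "PkgName": "package",
           "InstalledVersion": "installed", "FixedVersion": "fixed"}
# Floors of the CVSS severity scale quoted on this page.
BANDS = [(9.0, "CRITICAL"), (7.0, "HIGH"), (4.0, "MEDIUM"), (0.1, "LOW")]

def to_payload(report):
    """Reduce a Trivy report to CVE ID, package and versions; drop all else."""
    rows = set()
    for result in report.get("Results") or []:
        # Trivy emits no "Vulnerabilities" key (or null) for clean targets.
        for vuln in result.get("Vulnerabilities") or []:
            rows.add(tuple(vuln.get(field, "") for field in ALLOWED))
    return [dict(zip(ALLOWED.values(), row)) for row in sorted(rows)]

def severity(cvss):
    return next((label for floor, label in BANDS if cvss >= floor), "NONE")

def triage(payload, enrich):
    """KEV first whatever the score, then CVSS band, then EPSS (assumed tie-break)."""
    order = [label for _, label in BANDS] + ["NONE"]
    rows = []
    for row in payload:
        cvss, epss, kev = enrich.get(row["cve"], (0.0, 0.0, False))
        rows.append({**row, "severity": severity(cvss), "epss": epss, "kev": kev})
    return sorted(rows, key=lambda r: (not r["kev"], order.index(r["severity"]), -r["epss"]))

# Constructed sample report; CVE IDs, packages and the secret are placeholders.
REPORT = json.loads("""{"Results": [
 {"Target": "host", "Vulnerabilities": [
  {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libalpha", "InstalledVersion": "1.0",
   "FixedVersion": "1.1", "Description": "free text", "PkgPath": "/opt/app/lib"},
  {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libbeta", "InstalledVersion": "2.3",
   "FixedVersion": ""},
  {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libgamma", "InstalledVersion": "0.9",
   "FixedVersion": "0.9.1"}]},
 {"Target": "app:latest", "Vulnerabilities": null},
 {"Target": "etc/app.conf", "Secrets": [{"RuleID": "generic", "Match": "password=EXAMPLE"}]}]}""")

# Constructed enrichment data: CVE -> (CVSS score, EPSS probability, on KEV list).
ENRICH = {"CVE-0000-0001": (9.8, 0.02, False),
          "CVE-0000-0002": (6.5, 0.91, True),
          "CVE-0000-0003": (7.5, 0.40, False)}

if __name__ == "__main__":
    for row in triage(to_payload(REPORT), ENRICH):
        print(row["cve"], row["severity"], "KEV" if row["kev"] else "-", row["package"])
```

Diffing the output of `to_payload` against what a host actually transmits is one way to confirm that only CVE IDs, package names and versions leave the machine.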

API key auth

One key per project. All machines in the project report under it. Revoke anytime.

No agents, no daemons

Cron job or one-shot. Nothing running 24/7.

HTTPS only

All traffic encrypted in transit.

Full visibility into your fleet

From fleet-level overview down to individual CVE details - every screen designed for fast triage.

Machine-level CVE detail

Every machine gets a full breakdown: Critical, High, Medium and Low vulnerabilities with CVSS scores, EPSS probability and remediation advice. Filter by package, CVE ID or source. Mark issues as In Progress, Accepted Risk or Fixed.

Scan history & trend analysis

Track your remediation progress over time. Each scan is stored with a delta showing whether your security posture is improving. Export any snapshot to CSV or PDF for compliance evidence.

EOL fleet governance

Know which machines are running End-of-Life operating systems - with how many days until support ends, migration owner assignment, target dates and risk acceptance. ISO 27001 A.8.9 compliant.

Compliance-ready

Built for regulated environments

Generate PDF reports for ISO 27001 and EOL governance in one click - no manual data gathering.

🛡️

ISO 27001 A.8.8

Vulnerability management process evidence - PDF report covering findings, actions and remediation timelines.

🇪🇺

NIS2

Network and Information Security Directive - track your vulnerability posture across the entire fleet, with full audit trail.

📅

EOL Governance

Manage OS End-of-Life risk with migration plans, ownership and risk acceptance - ISO 27001 A.8.9.

🧾

ISO 27001 A.5.18

Exportable audit trail - who changed what and when across the account. Accountability evidence for access rights and change management (A.8.32).

Scan history & trends
PDF & CSV export
AUDITOR role for external auditors
Full AuditLog

Simple, transparent pricing

Start free. No credit card required.

STARTER

Small businesses & teams

Up to 10 machines
365-day scan history
199 PLN/mo
49 EUR/mo
Full access to all platform features

Includes everything available today and every feature added in the future.

BUSINESS

Larger estates & MSPs

Up to 200 machines
730-day scan history
1999 PLN/mo
499 EUR/mo
Full access to all platform features

Includes everything available today and every feature added in the future.

ENTERPRISE

Unlimited scale, custom SLA

200+ machines
Custom retention
Custom
Tailored for your fleet
Full access to all platform features

Includes everything available today and every feature added in the future.

Contact us

All plans include a 14-day free trial. Start today - no credit card required.

Everything in every plan

What's on the platform?

Every feature listed below is available in every paid plan - from day one and as the platform grows. You pay for machine slots and retention, not feature unlocks.

CVE scanning via Trivy

One bash script installs Trivy and runs a full scan of the OS, installed packages and running Docker containers. Only CVE metadata leaves the machine - no files, no configs, no secrets.

CVSS · EPSS · KEV enrichment

Every CVE is automatically enriched with its CVSS severity score (0–10), EPSS exploitation probability (%) and CISA KEV flag. Three data sources in one view - so you know where to focus first.

Remediation status tracking

Mark individual CVEs as In Progress, Accepted Risk or Fixed - directly from the machine view. Bulk actions available. Status history is preserved and exportable.

Scan history & trend analysis

Every scan is stored with a delta showing the change vs. the previous scan. Track whether your security posture is improving over time and spot regressions instantly.

ISO 27001 A.8.8 PDF report

One-click PDF report covering the full vulnerability management process: findings, remediation actions and timelines. Ready for external auditors - no manual data gathering.

EOL fleet governance

See which machines run End-of-Life operating systems, how many days remain, who owns the migration, target dates and risk acceptance decisions. ISO 27001 A.8.9 aligned.

PDF & CSV export

Export any machine snapshot or fleet summary to PDF or CSV. CSV follows RFC 4180 with BOM for correct Excel rendering. Every export is audit-ready and can be attached to incident reports.

Evidence Pack (one ZIP for a period)

Generate a single ZIP for any audit period: management, ISO 27001 and EOL PDFs, risk-acceptance and audit-trail CSV, a machine-readable JSON dataset and a SHA-256 manifest. Hand an ISO 27001 / NIS2 auditor one integral package instead of clicking together five separate exports.

Email & Telegram notifications

Scheduled digests deliver new CVEs and changed statuses directly to your inbox or Telegram channel. Configure the frequency and threshold per account.

AUDITOR role

Invite external auditors or compliance teams as read-only AUDITOR members. They see findings and reports - no access to API keys, billing or configuration.

Full AuditLog

Every action on every resource is recorded: who did what, when, from which IP. Immutable log exportable to CSV. Required evidence for ISO 27001 and NIS2.

Multi-organization support

Manage multiple separate organizations and projects from one account. Useful for MSPs, holding companies or teams with distinct environments requiring isolated reporting.

CVE Translator

CVE descriptions from NVD are in English. The built-in translator renders them in Polish - making triage faster for teams that don't work in English daily.

API & integrations

Project API key, agent audit endpoint and a Prometheus /metrics export - scrape your fleet's vulnerabilities into your own Prometheus and chart them on Grafana.

Start securing your fleet today

One script. 5 minutes to first scan. No commitment needed.