Federacy is a security meta scanner for hosts, containers, and builds with a focus on vulnerabilities.

It is built upon the hard work of vuls, and will soon include clair and other open source scanners.

The build and install tooling included in the repo are open source, and the website and API are free to use.

fedc is a golang binary compiled from our fork of vuls. The only disparity with upstream is a REST reporter which submits to the Federacy API, and needs to be made more dynamic before being pulled upstream.

Start Using Federacy

Create an account

Choose an integration

Node & Containers

Docker Build

Google Cloud Builder

Privileges Required

Active Scans requires root to prepare a host for scanning, but scans are run by a user with as few privileges as possible to list packages installed and view changelogs. All running containers on a host can be scanned as well.

Passive Scans

We're also working on registry scanning, please reach out if this interests you.

Paid Plans Available

We offer private instances and on-premises versions in our paid plans, as well as additional vulnerability sources and mitigation information, and a human component: we'll analyze all of the vulnerabilities you encounter and notify you of critical ones, including mitigation information.


If you have any questions, feel free to reach out via Slack or Email. We're active on vuls, kubernetes, docker,, and hangops Slacks, and happy to invite you to the Federacy community slack.

Weekly Roundup

Updates on major vulnerabilities, compromises, and security news.