Federacy is a security meta scanner for hosts, containers, and builds with a focus on vulnerabilities.
The build and install tooling included in the federacy.sh repo is open source, and the website and API are free to use.
fedc is a Go binary compiled from our fork of vuls. The only difference from upstream is a REST reporter that submits to the Federacy API; it needs to be made more dynamic before it can be pulled upstream.
Start Using Federacy
federacy.sh requires root to prepare a host for scanning, but scans are run by a user with as few privileges as possible: just enough to list installed packages and view changelogs. All running containers on a host can be scanned as well.
We're also working on registry scanning. Please reach out if this interests you.
Paid Plans Available
We offer private instances and on-premises versions in our paid plans, as well as additional vulnerability sources and mitigation information, and a human component: we'll analyze all of the vulnerabilities you encounter and notify you of critical ones, including mitigation information.
If you have any questions, feel free to reach out via Slack or email. We're active on the vuls, Kubernetes, Docker, packet.net, and hangops Slacks, and are happy to invite you to the Federacy community Slack.