Search All Data Vulnerabilities Products Vendor Data Exploits Advisories RSS/Atom Feeds Code Changes Github Data Scanners, Tools Videos OVAL Definitions Authors/People Threats Web Data CWE Definitions CAPEC Definitions Tags Emails Tweets Alerts API Documentation

How VulnIQ Works

Data Collection

VulnIQ can collect and process data from various sources in various formats. Data collection and processing is handled by VulnIQ Backend which is a standalone, high performance, scalable daemon application.
VulnIQ contains data processors for many sources and formats. Administrators can configure data sources either using the UI or the API and schedule data collection.
Making everything configurable, while keeping it easy to manage, is a core design principle for VulnIQ, for example ~20 configuration options are provided for git repository datasources but configuration options come with sensible defaults and are straightforward to configure.

Data Processing

Data processing is handled by the VulnIQ Backend daemon. Data processing frequency for each datasource can be configured by administrators. The backend pushes processed data into VulnIQ data stores.

Data Storage

Processed data will be stored in multiple stores including a MySQL database, an Elasticsearch instance and the file system.
The MySQL database is the main data store and most of the usable information is stored in MySQL.
Elasticsearch is used for full-text search.
The file system is used for storing files like screenshots, cached versions and similar.


All data stored in VulnIQ can be queried over APIs. VulnIQ UI is also built on top of VulnIQ APIs, there is an API for all functionality provided by the UI.

Web UI

Processed data will be stored in multiple stores including a MySQL database, an Elasticsearch instance and the file system.

Vulnerability Scanning

VulnIQ also provides an authenticated security scanner which has now been made open source on Github,
VulnIQ security scanner utilizes VulnIQ APIs to report vulnerabilities on the scanned system. It also supports OVAL (Open Vulnerability and Assessment Language) and can evaluate OVAL definitions to report vulnerabilities with high accuracy.
VulnIQ security scanner is available to VulnIQ customers at no additional cost.

Vulnerability Management

VulnIQ has been developing a vulnerability management solution which utilizes data collected by the VulnIQ security scanner.
VulnIQ vulnerability manager will also be open sourced once it reaches a certain maturity level.
Contact us at
By using this web site and/or APIs you are agreeing to VulnIQ terms and conditions!
This site uses cookies for managing your session and website analytics purposes. Allow Cookies Remove Cookies