Vulnerability Scanning

Prioritise what to fix — EPSS-ranked, VEX-tracked.

Continuous scanning against NVD, EUVD, OSV, and GitHub Advisory databases. EPSS exploitation-probability scoring, VEX statement generation, and per-product risk dashboards.

Everything you need

Automatic vulnerability matching after every SBOM scan
EPSS scores and percentiles for exploitation probability ranking
CVSS v3.1 scores with vector strings from NVD, EUVD, OSV, and GHSA
VEX status workflow: affected / not_affected / fixed / under_investigation
Bulk VEX status update across multiple findings
CycloneDX VEX document export
Org-wide dashboard sorted by EPSS — see your highest-risk findings first

How it works

1. Scan completes

Every SBOM scan automatically triggers vulnerability matching across four threat intelligence sources.

2. Review ranked findings

Findings are sorted by EPSS probability. Focus on the 1% most likely to be exploited in the wild.

3. Track with VEX

Set VEX status and justification per finding. Export a CycloneDX VEX document for your auditor.

Ready to get started?

Join manufacturers already using CRAReady to manage their CRA compliance obligations.
