About Scanning in FutureVuls#
Introduction#
FutureVuls can manage a wide range of targets and offers various methods for registering them. This document provides an overview of scanning methods in FutureVuls. It also explains the procedures for installing and uninstalling the scanner, as well as the setup requirements.
Types of Scanning Methods#
FutureVuls offers various scanning methods to register a wide range of managed targets. An overview of each scanning method is as follows. For details, please refer to the manual for each scanning method.
| Scanning Method | Overview |
|---|---|
| Local Scan | The standard method of installing the scanner directly on the server |
| Remote Scan | A method of scanning via a jump server |
| Paste Scan | A registration method without using a scanner, suitable for closed networks |
| Docker Scan (Trivy) | A method to scan Docker container images using Trivy |
| Docker Scan (ECR/GAR) | A method to scan container images registered in ECR/GAR |
| Application Scan | A method to scan applications such as language libraries |
| CPE Scan | A method to register network devices or software not managed by a package manager |
| Inspector Integration | A method to manage information by importing it from Amazon Inspector into FutureVuls |
| SBOM Import | A method for vulnerability management by importing SBOM files |
| WordPress Scan | A method to manage vulnerabilities in WordPress environments, including core, plugins, and themes |
| Integrate into CI/CD Pipeline | A method to scan container images and libraries by integrating into a CI/CD pipeline |
Choosing the Right Scanning Method#
In "How to Choose a Scanning Method", we provide examples of which scanning method to choose for various managed targets, along with flowcharts and other aids. After deciding which scanning method to use, you can proceed to the detailed page for each scan to check the specifics.
Scan Types and Processes#
A "scan" in FutureVuls is executed in two stages:
- Upload of server configuration information (OS, installed packages, etc.) by the scanner (A)
- Matching of each server's configuration information against the latest vulnerability data (B)
graph LR
%% Style Definitions
classDef serverStyle fill:#4a90e288,stroke:#4a90e2,stroke-width:2px
classDef scannerStyle fill:#ff6b3588,stroke:#ff6b35,stroke-width:2px
classDef vulnStyle fill:#fdcb6e88,stroke:#fdcb6e,stroke-width:2px
classDef processStyle fill:#6bb6ff88,stroke:#6bb6ff,stroke-width:2px
classDef noteStyle fill:#cccccc22,stroke:#cccccc,stroke-width:1px,stroke-dasharray:5 5
%% Node Definitions
Server["Server to be Scanned<br>OS & Package Info"]:::serverStyle
Scanner["Vuls Scanner"]:::scannerStyle
FutureVuls["FutureVuls"]:::processStyle
VulnDB["Vulnerability Database<br>(Latest Information)"]:::vulnStyle
Result["Vulnerability Detection Results"]:::processStyle
%% Flow
Server -->|"(A) Collect Configuration Info"| Scanner
Scanner -->|"Upload Configuration Info"| FutureVuls
VulnDB -->|"Vulnerability Information"| FutureVuls
FutureVuls -->|"(B) Matching Process"| Result
%% Annotations
Server -.- ScanNote["Collection of<br>configuration info<br>by scanner"]:::noteStyle
FutureVuls -.- MatchNote["Matching process between<br>configuration info and<br>vulnerability info"]:::noteStyle
The timings (scan classifications) when the above are executed include the following three types:
- Scans performed by the Vuls scanner installed on the target server itself or on a remote scanning server (referred to as "agent scan").
- Daily scheduled scans (only for the CSIRT plan and some servers on the Standard plan).
- "Manual scans" initiated through the FutureVuls UI.
About the Targets of Scheduled Automatic Scans
For details on which servers are targeted by scheduled automatic scans, execution timings, skip conditions, and more, please refer to "Scheduled Automatic Scans".
About the FutureVuls Scanner
For convenience, we have referred to the component that collects configuration information in FutureVuls (the scanner) as an "agent," but this scanner is actually a binary built in Go (approximately 200MB in size). While the term "agent" may give the impression of a resident process that is always running and could burden the server, FutureVuls simply executes this binary on a schedule. Therefore, it is only launched as a temporary process, and the server load is minimal.
The processes (A) and (B) executed for each scan classification are as follows.
| Scan Classification | Process Executed | Execution Method and Frequency |
|---|---|---|
| Agent Scan | (A) + (B) | Runs at the cron schedule configured during agent installation. Manual execution of the agent is also possible. |
| Scheduled Automatic Scan | (B) only | Applies to all servers on the CSIRT plan and some servers on the Standard plan. Runs once daily, between 00:00 and 08:00 JST. |
| Manual Scan | (B) only | Launched when "Manual Scan" is clicked in the FutureVuls UI. |
"Upload of server configuration information (A)" is performed only during an agent scan. This configuration information is then used to perform "Matching against the latest vulnerability data (B)" in each scan.
Manual scans can be initiated from the server details page (per server), Group Settings > Manual Scan of All Servers (per group), or Organization Settings > Manual Scan of All Servers (per organization).
