Skip to content

About Scanning in FutureVuls#

Introduction#

FutureVuls can manage a wide range of targets and offers various methods for registering them. This document provides an overview of scanning methods in FutureVuls. It also explains the procedures for installing and uninstalling the scanner, as well as the setup requirements.

Types of Scanning Methods#

FutureVuls offers various scanning methods to register a wide range of managed targets. An overview of each scanning method is as follows. For details, please refer to the manual for each scanning method.

Scanning Method Overview
Local Scan The standard method of installing the scanner directly on the server
Remote Scan A method of scanning via a jump server
Paste Scan A registration method without using a scanner, suitable for closed networks
Docker Scan (Trivy) A method to scan Docker container images using Trivy
Docker Scan (ECR/GAR) A method to scan container images registered in ECR/GAR
Application Scan A method to scan applications such as language libraries
CPE Scan A method to register network devices or software not managed by a package manager
Inspector Integration A method to manage information by importing it from Amazon Inspector into FutureVuls
SBOM Import A method for vulnerability management by importing SBOM files
WordPress Scan A method to manage vulnerabilities in WordPress environments, including core, plugins, and themes
Integrate into CI/CD Pipeline A method to scan container images and libraries by integrating into a CI/CD pipeline

Choosing the Right Scanning Method#

In "How to Choose a Scanning Method", we provide examples of which scanning method to choose for various managed targets, along with flowcharts and other aids. After deciding which scanning method to use, you can proceed to the detailed page for each scan to check the specifics.

Scan Types and Processes#

A "scan" in FutureVuls is executed in two stages:

  • Upload of server configuration information (OS, installed packages, etc.) by the scanner (A)
  • Matching of each server's configuration information against the latest vulnerability data (B)
graph LR
    %% Style Definitions
    classDef serverStyle fill:#4a90e288,stroke:#4a90e2,stroke-width:2px
    classDef scannerStyle fill:#ff6b3588,stroke:#ff6b35,stroke-width:2px
    classDef vulnStyle fill:#fdcb6e88,stroke:#fdcb6e,stroke-width:2px
    classDef processStyle fill:#6bb6ff88,stroke:#6bb6ff,stroke-width:2px
    classDef noteStyle fill:#cccccc22,stroke:#cccccc,stroke-width:1px,stroke-dasharray:5 5

    %% Node Definitions
    Server["Server to be Scanned<br>OS & Package Info"]:::serverStyle
    Scanner["Vuls Scanner"]:::scannerStyle
    FutureVuls["FutureVuls"]:::processStyle
    VulnDB["Vulnerability Database<br>(Latest Information)"]:::vulnStyle
    Result["Vulnerability Detection Results"]:::processStyle

    %% Flow
    Server -->|"(A) Collect Configuration Info"| Scanner
    Scanner -->|"Upload Configuration Info"| FutureVuls
    VulnDB -->|"Vulnerability Information"| FutureVuls
    FutureVuls -->|"(B) Matching Process"| Result

    %% Annotations
    Server -.- ScanNote["Collection of<br>configuration info<br>by scanner"]:::noteStyle
    FutureVuls -.- MatchNote["Matching process between<br>configuration info and<br>vulnerability info"]:::noteStyle

The timings (scan classifications) when the above are executed include the following three types:

  • Scans performed by the Vuls scanner installed on the target server itself or on a remote scanning server (referred to as "agent scan").
  • Daily scheduled scans (only for the CSIRT plan and some servers on the Standard plan).
  • "Manual scans" initiated through the FutureVuls UI.

About the Targets of Scheduled Automatic Scans

For details on which servers are targeted by scheduled automatic scans, execution timings, skip conditions, and more, please refer to "Scheduled Automatic Scans".

About the FutureVuls Scanner

For convenience, we have referred to the component that collects configuration information in FutureVuls (the scanner) as an "agent," but this scanner is actually a binary built in Go (approximately 200MB in size). While the term "agent" may give the impression of a resident process that is always running and could burden the server, FutureVuls simply executes this binary on a schedule. Therefore, it is only launched as a temporary process, and the server load is minimal.

The processes (A) and (B) executed for each scan classification are as follows.

Scan Classification Process Executed Execution Method and Frequency
Agent Scan (A) + (B) Runs at the cron schedule configured during agent installation. Manual execution of the agent is also possible.
Scheduled Automatic Scan (B) only Applies to all servers on the CSIRT plan and some servers on the Standard plan. Runs once daily, between 00:00 and 08:00 JST.
Manual Scan (B) only Launched when "Manual Scan" is clicked in the FutureVuls UI.

"Upload of server configuration information (A)" is performed only during an agent scan. This configuration information is then used to perform "Matching against the latest vulnerability data (B)" in each scan.

Manual scans can be initiated from the server details page (per server), Group Settings > Manual Scan of All Servers (per group), or Organization Settings > Manual Scan of All Servers (per organization).

manual_scan