Continuous vulnerability scanning that feeds remediation, not just reports
One orchestrated scanning stack across network, endpoints, web applications, and cloud configuration. Deduplicated findings, owner-routed tickets, SLAs — and a monthly evidence pack auditors accept.
Scanner coverage
We orchestrate six battle-tested open source scanners and normalise their output into a single finding model. You get breadth without six dashboards, six ticket queues, or six duplicate CVEs.
- OpenVAS: Network & host vulnerability scanning
- OWASP ZAP: Dynamic web application scanning
- Nikto: Web server misconfiguration checks
- Lynis: Linux / Unix system hardening audits
- Wapiti: Injection and auth-bypass web checks
- w3af: Deep web application attack surface scanning
Continuous vs. periodic scanning
If you are buying a one-off scan to tick a box, we will tell you honestly. But if you need to show ongoing assurance to customers, auditors, or insurers, continuous is the only model that actually delivers it.
| | Continuous scanning | Periodic / one-off |
|---|---|---|
| Cadence | Every change to an asset triggers a scan; full-scope passes run nightly. | One-off scan at a fixed moment in time; stale within days. |
| Coverage | Network, endpoints, web apps, cloud config, and SaaS tenants on a single schedule. | Usually one asset type (e.g. external network) per engagement. |
| Output | Deduplicated findings with owners, tickets, and SLAs, tracked over time. | PDF snapshot that has to be manually triaged into your ticketing system. |
| Best for | Teams that need to demonstrate ongoing assurance for SOC 2, ISO 27001, or insurers. | Point-in-time attestations, one-off vendor diligence, or pre-audit cleanup. |
Still deciding? Read our guide: Continuous vs. one-off security scans.
Remediation workflow
- Step 1: Find. Orchestrated scanners run on a continuous schedule and normalise findings into a single model, so one CVE across six scanners becomes one ticket.
- Step 2: Prioritise. Each finding is scored on exploit availability, asset criticality, and blast radius — not just CVSS — so the top of the list is the top of the risk list.
- Step 3: Assign. Findings auto-route to the owning team via your existing ticketing tools, with an SLA clock that matches your compliance posture.
- Step 4: Verify. We re-scan the impacted asset when the ticket is closed and mark the finding verified — or reopen it with evidence if the fix did not stick.
- Step 5: Report. Boards, insurers, and auditors get monthly evidence packs with trend lines and SLA compliance, not a raw scan dump.
Reporting built for auditors
- Risk-scored dashboards with filters by asset, owner, and environment.
- Executive summary PDFs auto-generated monthly for boards and insurers.
- Ticket integrations (Jira, Linear, GitHub Issues, ServiceNow) with two-way sync.
- SLA timers per severity with automatic escalation to asset owners.
- Evidence packs mapped to ISO 27001 A.12, SOC 2 CC7, and Cyber Essentials.
Frequently asked questions
What is the difference between continuous vulnerability scanning and a one-off scan?
A one-off scan is a point-in-time snapshot that ages out within days — by the time the report is delivered, your environment has already changed. Continuous scanning reruns on every change and on a nightly full-scope pass, so the list you act on today reflects the environment you have today. For SOC 2, ISO 27001, and cyber insurance renewal, continuous is now the expected posture.
Which scanners does Cyvex orchestrate?
Cyvex orchestrates OpenVAS for network and host coverage, OWASP ZAP, Wapiti, and w3af for dynamic web application testing, Nikto for web server checks, and Lynis for Linux system hardening. We normalise findings across all six into a single deduplicated queue.
Will scans disrupt production?
Scans are throttled and scheduled around your maintenance windows by default. Authenticated scans use least-privilege service accounts, and we support read-only agent modes for change-sensitive environments.
How do we get findings into our ticketing system?
We integrate with Jira, Linear, GitHub Issues, and ServiceNow out of the box, with two-way sync so status changes in your tracker flow back to Cyvex. Custom webhooks are supported for anything else.
Does this replace penetration testing?
No — and it should not. Continuous scanning catches the known and the automatable; penetration testing catches the business-logic and chain-of-attack issues scanners will miss. Customers typically run both: continuous scanning year-round, a CREST-accredited pen test annually.
See it on your own assets
Book a 30-minute demo. We will point Cyvex at a representative asset and show you the first real findings in under an hour.