Getting Started

Requirements

VulnScout runs locally inside a container. It requires Docker or Podman installed on the host.

---

Installation

Clone the repository:

git clone https://github.com/savoirfairelinux/vulnscout.git
cd vulnscout

---

First Run

Start VulnScout and import the provided example data:

./vulnscout start \
  --add-spdx $(pwd)/example/spdx3/core-image-minimal-qemux86-64.rootfs.spdx.json \
  --add-cve-check $(pwd)/example/spdx3/core-image-minimal-qemux86-64.rootfs.json

Then open the web interface:

http://localhost:7275

The script automatically manages the container lifecycle (Docker or Podman) — it pulls the image (if needed), starts the container, imports the input files, and runs a scan.

---

Starting the Web Interface

If you have already loaded your data and just want to start the web interface:

./vulnscout --serve

Press Ctrl+C to stop the web server and return to your shell. The container keeps running in the background.

---

Stopping VulnScout

To stop and remove the container entirely:

./vulnscout stop