Frequently Asked Questions

Everything you need to know about CVSEEYOU's capabilities, features, and integrations.

Document Generation

What kind of reports can I generate?

CVSEEYOU automatically generates comprehensive security reports including:

  • Executive Summaries for stakeholders
  • Technical Detail Reports for engineering teams
  • Compliance Evidence Reports for auditors (SOC 2, ISO 27001)
  • Trend Analysis Reports showing security posture over time

Are the reports audit-ready?

Yes. Our reports are designed specifically to satisfy auditor requirements. They include timestamps, methodology, scope, findings, and remediation evidence, making them ready for direct submission during compliance audits.

Vendor Management

How does Vendor Management work?

Our Vendor Management module allows you to track and assess third-party vendors. You can:

  • Centralize vendor information and contacts
  • Send and track security questionnaires
  • Assign risk scores to each vendor
  • Store vendor compliance documents (SOC 2 reports, ISO certs)
  • Set reminders for annual vendor reviews

Risk Management

What is the Risk Register?

The Risk Register is a core component of our platform that helps you identify, assess, and treat risks. It supports your annual Risk Assessment process by allowing you to:

  • Catalog risks across different categories (Security, Legal, Operational)
  • Calculate risk scores based on Likelihood and Impact
  • Assign owners and treatment plans (Mitigate, Accept, Transfer, Avoid)
  • Track progress on risk reduction over time

Available Scanners

What security scanners are included?

We orchestrate a suite of industry-standard open-source and proprietary tools to provide comprehensive coverage:

  • DAST (Dynamic Analysis): OWASP ZAP, Nuclei, Nikto - for finding vulnerabilities in running applications.
  • SAST (Static Analysis): Semgrep, Gosec, Bandit - for analyzing source code for security flaws.
  • Infrastructure: Nmap, OpenVAS - for network and server configuration scanning.
  • Dependency Scanning: Trivy, OSV-Scanner - for identifying vulnerable libraries and packages.

Hybrid Runners

What is a Hybrid Runner?

A Hybrid Runner is a lightweight agent that you install on your internal infrastructure (servers, laptops, or cloud instances). It allows CVSEEYOU to:

  • Scan internal networks and APIs that are not accessible from the public internet.
  • Monitor endpoint security compliance (e.g., disk encryption, screen lock, firewall status) for SOC 2.
  • Perform continuous security checks without requiring firewall rule changes.

Integrations

What tools does CVSEEYOU integrate with?

We integrate with your existing workflow to make security seamless:

  • Jira: Automatically create tickets for new findings.
  • Slack: Get real-time alerts for critical vulnerabilities.
  • GitHub / GitLab: Scan pull requests and block insecure code.
  • AWS / GCP / Azure: Cloud infrastructure scanning and asset discovery.
  • Vanta / Drata: Sync evidence automatically to compliance platforms.
