Hybrid Runners Guide

Learn how to deploy and manage Hybrid Runners to secure your internal infrastructure and endpoints.

What is a Hybrid Runner?

A Hybrid Runner is a lightweight, secure agent that you install on your infrastructure. Unlike our cloud-based scanner, which scans your public-facing assets from the outside, a Runner sits inside your network.

Runners enable two critical capabilities:

  • Internal Network Scanning: Scan databases, staging environments, and internal APIs that are not exposed to the public internet.
  • Endpoint Compliance (SOC 2): Verify security configurations on the host machine itself (e.g., "Is disk encryption enabled?", "Is the firewall active?").

Installation & Deployment

1. Register a Runner

  1. Go to the Runners page in your dashboard.
  2. Click Register New Runner.
  3. Give it a name (e.g., prod-db-runner) and tags.
  4. Copy the generated enrollment token.

2. Install the Agent

Download the binary for your OS from the Runners page, then run the install command:

./cvseeyou-agent install \
  --server https://api.cvseeyou.com \
  --agent-id <YOUR_AGENT_ID> \
  --api-key <YOUR_API_KEY>

Compliance Checks

The agent automatically performs the following checks every hour:

Security Controls

  • Disk Encryption (FileVault/LUKS)
  • Firewall Status
  • Screen Lock Configuration
  • Antivirus/Malware Protection

System Hardening

  • SSH Configuration (Root Login)
  • Automatic Updates
  • File Integrity Monitoring
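
The following added example (not the agent's own code) shows one way the SSH Configuration (Root Login) check listed above can be evaluated against an sshd_config file, including the first-value-wins rule and Match block overrides. The pass policy (PermitRootLogin must be "no" globally and in every Match block), the function names, and the sample config are assumptions; Include directives are not followed.

```python
import re

# Constructed sample sshd_config (not taken from any real host).
SAMPLE_SSHD_CONFIG = """\
# constructed sample
Port 22
permitrootlogin=no
PermitRootLogin yes
Match Address 10.0.0.0/8
    PermitRootLogin prohibit-password
Match User backup
    X11Forwarding no
"""

OPENSSH_DEFAULT = "prohibit-password"  # value sshd uses when the keyword is unset
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")  # "Keyword value" or "Keyword=value"


def parse_root_login(text):
    """Return (global_value, {match_criteria: value}) for PermitRootLogin."""
    global_value, per_match, scope = None, {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m.group(2).strip():   # blank, comment, or no argument
            continue
        keyword, arg = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            scope = arg                        # later lines apply only under this Match
        elif keyword == "permitrootlogin":
            value = arg.split()[0].strip('"').lower()
            if scope is None:
                if global_value is None:       # sshd keeps the first value it obtains
                    global_value = value
            else:
                per_match.setdefault(scope, value)
    return global_value or OPENSSH_DEFAULT, per_match


def check_root_login(text):
    """Assumed policy: pass only if root login is 'no' globally and in every Match block."""
    global_value, per_match = parse_root_login(text)
    findings = [("global", global_value)] if global_value != "no" else []
    findings += [(f"Match {c}", v) for c, v in per_match.items() if v != "no"]
    return {"passed": not findings, "findings": findings}


if __name__ == "__main__":
    print(check_root_login(SAMPLE_SSHD_CONFIG))
```

On the sample, the global setting passes because the first `permitrootlogin=no` wins over the later `yes`, but the check still fails because the `Match Address` block re-enables key-based root login for that address range.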