Why we built Kolvera: an AI Vulnerability Scanner for Linux
The problem
Linux server security shouldn't require a dedicated team of experts. Yet the reality is that keeping a server secure involves a manual, repetitive, and error-prone process: identifying installed software, checking for known CVEs, assessing their real severity with NVD, CISA KEV and EPSS, and applying the appropriate fixes, all without a solid AI remediation workflow to lean on.
For a company with one or two servers, this is already a challenge. For organizations with dozens or hundreds, it's practically impossible without specialized tools.
The experience that shaped us
It all started with a real case. Fiduagraria S.A., a Colombian trust company and subsidiary of Banco Agrario, needed to assess the security of its production servers: three AWS Lightsail servers running Ubuntu 24.04 with Joomla, Nginx, and OpenSSH exposed to the public.
The initial scan revealed 25 findings: 14 CVE vulnerabilities correlated against the National Vulnerability Database, plus configuration issues in HTTP headers and SSH. Three of those vulnerabilities were Critical severity. This is exactly the kind of automated CVE detection that takes hours manually and seconds with the right Linux vulnerability scanner.
Manual remediation would have taken days. Each CVE required individual research: verifying whether Canonical had already backported the fix (in which case the installed package is patched even though its upstream version number still falls in the vulnerable range), evaluating the real exploitation probability with EPSS, cross-referencing against CISA KEV to know whether it was being actively exploited, and finally generating the specific commands for that server, that OS, and that version.
What we learned
80% of that work was repetitive and automatable. The steps were always the same: inventory, correlation, assessment, plan, execution, verification. What changed was the context: the server, the services, the versions, the configuration.
That was the idea: a Linux vulnerability scanner that automates the deterministic part (inventory and CVE detection) and uses AI for the part that requires context (generating remediation plans).
The solution: two layers
Kolvera combines two complementary layers.
Layer 1: Deterministic CVE Detection (free). A complete scan that inventories dpkg/apt/snap packages and exposed services, automatically generates CPEs, and cross-references them against NVD, CISA KEV, and EPSS. It also includes a hardening checker for Nginx and the SSH server. Everything works offline with a local SQLite cache: no external dependencies, no cloud, no data leaving your server.
Layer 2: AI-Powered Remediation Plans (Pro). Claude AI analyzes each finding in the specific context of your server and generates detailed remediation plans. Each plan includes exact steps, commands, rollback procedures, and post-verification. You provide your own Anthropic API key (BYOK) and maintain full control.
How Kolvera differs from Lynis, Trivy, and Vuls
There are good open source security tools out there. Kolvera is not trying to replace them — it fills a gap:
- Lynis is a mature audit tool that produces a hardening checklist. It doesn't correlate CVEs against NVD/EPSS/CISA KEV and has no AI remediation capability. Kolvera does both.
- Trivy excels at container and image scanning (SBOM-focused). For host-level Linux server vulnerability scanning and remediation, Kolvera is purpose-built.
- Vuls is agentless and powerful for CVE scanning, but requires a separate server to run and generates no AI remediation plans. Kolvera runs as a single Rust binary on the target server and generates context-aware fix plans.
The combination of deterministic CVE scanning + NVD/CISA KEV/EPSS correlation + AI-powered remediation automation in a single offline-capable binary is what makes Kolvera different.
The result
What took days now takes minutes. In the Fiduagraria case, Kolvera generated 36 AI remediation plans in a single run, each contextualized for that specific server, with those services, that Ubuntu version, and that configuration.
It doesn't replace the security team. It empowers them. It automates the repetitive work so professionals can focus on the decisions that truly matter.
Try Kolvera
Layer 1 is completely free. Install this open source Linux vulnerability scanner on your server and run your first security audit in under 2 minutes:
curl -sSL https://www.kolvera.co/install | bash
sudo kolvera init
sudo kolvera scan
Discover the real security state of your infrastructure.