Documentation
Install and run your first scan in 2 minutes
Quick Installation
Requires Ubuntu 22.04+ or Ubuntu 24.04. x86_64 and aarch64 supported.
x86_64
sudo curl -L https://github.com/kolvera-io/kolvera-agent/releases/latest/download/kolvera-agent-x86_64-linux -o /usr/local/bin/kolvera && sudo chmod +x /usr/local/bin/kolveraaarch64
sudo curl -L https://github.com/kolvera-io/kolvera-agent/releases/latest/download/kolvera-agent-aarch64-linux -o /usr/local/bin/kolvera && sudo chmod +x /usr/local/bin/kolveraVerify installation:
kolvera --version✓ kolvera 0.1.2Initialize & Load CVE Database
Creates config directories, SQLite database, and agent ID.
sudo kolvera initDownloads CVEs from NVD, marks CISA KEV exploited vulnerabilities, and fetches EPSS scores. This can take 2-3 minutes on first run.
sudo kolvera update✓ 21695 CVEs processed from NVD · ✓ 56 CVEs marked as actively exploited (KEV) · ✓ 9038 EPSS scores updatedFirst Scan
Runs a complete scan: package inventory, service detection, CVE correlation, and configuration analysis.
sudo kolvera scan✓ 809 packages detected · ✓ 2 exposed services: nginx/1.24.0, ssh/9.6p1 · ✓ 21695 CVEs in cache · ✓ 24 vulnerabilities found · ⚠ 6 insecure configurations detected · Summary: 0 Critical 1 High 3 Medium 18 LowView Results
List all findings with severity, score, and status.
sudo kolvera findingsFilter by severity to focus on critical issues first.
sudo kolvera findings --severity criticalQuick summary of server security posture.
sudo kolvera statusAI Remediation (Pro)
Copy your Pro license key to the server:
sudo cp your-license.key /etc/kolvera/license.key && sudo chmod 600 /etc/kolvera/license.keysudo kolvera licenseTier: PRO · Customer: YourCompany · Status: ValidSet your Anthropic API key as environment variable:
export ANTHROPIC_API_KEY="sk-ant-..."Claude AI analyzes each finding and generates context-aware remediation plans with exact commands, verification steps, and rollback procedures.
sudo -E kolvera remediate✓ 22 plans generatedApprove a specific remediation plan before execution. Kolvera never executes without human approval.
sudo -E kolvera remediate --approve <PLAN-UUID>Executes approved plans step-by-step with interactive confirmation. Captures before/after evidence. Automatic rollback if any step fails.
sudo -E kolvera remediate --executeReports
Generate a PDF report with findings, severity breakdown, and evidence (Pro).
sudo kolvera report✓ Report generated: /var/lib/kolvera/reports/kolvera-report-20260331.pdfExport findings in JSON format for integration with other tools (Community).
sudo kolvera report --format jsonCommand Reference
| Command | Function | Tier |
|---|---|---|
| kolvera init | Initial setup | Community |
| kolvera update | Load/update CVE database | Community |
| kolvera scan | Full scan | Community |
| kolvera scan --quick | Quick scan (config only) | Community |
| kolvera status | Quick summary | Community |
| kolvera findings | List findings | Community |
| kolvera findings --severity high | Filter by severity | Community |
| kolvera remediate | Generate AI plans | Pro |
| kolvera remediate --approve <UUID> | Approve a plan | Pro |
| kolvera remediate --execute | Execute approved plans | Pro |
| kolvera remediate --dry-run | Preview without executing | Pro |
| kolvera verify | Verify remediations | Pro |
| kolvera report | PDF report | Pro |
| kolvera report --format json | JSON report | Community |
| kolvera history | Scan history | Community |
| kolvera config show | View configuration | Community |
| kolvera config set <key> <value> | Change config value | Community |
| kolvera license | View license info | Community |
File Locations
/etc/kolvera/config.toml/etc/kolvera/license.key/var/lib/kolvera/kolvera.db/var/lib/kolvera/cve-cache//var/lib/kolvera/reports//var/log/kolvera/Source code, issues, and contributions on GitHub
View on GitHub