K
Kolvera

Everything you need to protect your servers

Kolvera is a Rust CLI security agent that combines deterministic detection with artificial intelligence to comprehensively protect Linux servers.

Layer 1 — Deterministic Detection

Free

Automatic Inventory

Detects dpkg/apt/snap packages and exposed services like Nginx, SSH, and PHP. Automatically generates CPE (Common Platform Enumeration) for each component detected on your server.

kolvera scan

CVE Correlation

Cross-references inventory against NVD (National Vulnerability Database) and integrates CISA KEV (Known Exploited Vulnerabilities) and EPSS (Exploit Prediction Scoring System) to calculate real exploitation probability. Everything works offline with local SQLite cache.

kolvera findings --severity critical

Config Checker

Detects missing HTTP headers like HSTS, X-Frame-Options, and CSP. Analyzes SSH configuration to find enabled PasswordAuthentication or weak key exchange algorithms. Verifies TLS/SSL configuration. Extensible to more services in future versions.

kolvera scan --quick

Layer 2 — AI Remediation

Pro

AI Remediation Plans

Claude AI generates context-aware plans for your specific server. Considers your operating system, version, installed services, and current configuration. Each plan includes detailed steps, exact commands, rollback procedures, and post-verification. BYOK (Bring Your Own Key) — you use your own Anthropic API key.

sudo -E kolvera remediate

Executor with Evidence

Executes approved plans with before/after evidence capture for every change. Dry-run mode to review without executing. Automatic rollback if something fails during execution. Requires human approval — never executes automatically.

sudo -E kolvera remediate --execute

Professional Reports

Generates PDF reports with branding, evidence, and status for each finding. Exports in JSON format for integration with other tools. Complete scan and remediation history available at any time.

sudo kolvera report

More Features

CLI-First

Rust binary with no external dependencies

Offline Licenses

Ed25519, works without connectivity

Scheduler

Scheduled scans with systemd timers

History

Tracking of all scans and changes

Simple Installation

One-liner curl to install in seconds

Auditable Code

BSL 1.1, source code available

Start scanning in minutes

Download free