Self-hosted only. Open source first.

Scutiva helps you generate SBOMs, review Linux posture, and find CVEs through authenticated host scanning.

Scutiva is a self-hosted security dashboard focused on SSH-based server onboarding, software inventory, SBOM generation, Linux posture review, and package vulnerability visibility. It helps teams understand what is actually installed, identify known CVEs, and review findings in one place without relying on a hosted platform.

What it is: A self-hosted SSH, SBOM, and CVE portal
What it helps with: Visibility into Linux posture, packages, and vulnerabilities
Why teams choose it: Authenticated evidence instead of guesswork

What Scutiva does

Install it on your own infrastructure and simplify authenticated CVE review.

Scutiva gives you one place to generate SBOMs, assess Linux hosts, scan packages for known vulnerabilities, and turn raw scanner output into a clearer remediation workflow. Instead of piecing together several tools by hand, you get a more usable view of what needs attention.

Why install it: Know what is actually installed

See installed packages, SBOM-backed component data, Linux posture findings, and CVE results in one review flow instead of across disconnected outputs.

Best fit: Teams that want evidence

Self-hosted deployment means your credentials, findings, and operational workflow stay inside your environment while scans run against the real host state.

Why Scutiva

Built for teams that need clearer software vulnerability visibility without giving up control.

See what is installed

Scutiva helps you build a clearer inventory of packages and components so you know what is actually present on the Linux systems you operate.

Find known CVEs with host context

Scutiva makes it easier to identify vulnerable software and focus remediation on issues backed by package inventory and SBOM evidence.

Keep everything in-house

Because Scutiva is self-hosted and open source, your findings, credentials, and workflow stay under your control instead of being pushed into a third-party platform.

RoboShadow vs Scutiva

Scutiva is not an internet attack-surface scanner.

RoboShadow-style products typically scan a domain or IP from the outside. They fingerprint open ports, TLS settings, HTTP headers, banners, exposed frameworks, and other public clues, then map those fingerprints to likely products and known CVEs.

Scutiva does something different today. It uses authenticated SSH access to inspect Linux hosts directly, generate SBOMs, review Linux posture, and correlate installed packages and components with known CVEs. That means Scutiva is built for evidentiary host scanning, not external attack-surface scanning.

What RoboShadow-style scanning is good at

External attack-surface awareness: public ports, banners, web technologies, TLS posture, exposed admin panels, and other internet-facing signals.

What Scutiva is good at

Authenticated Linux host review: SSH-based onboarding, SBOM generation, package inventory, vulnerability correlation, and host posture findings grounded in what is actually installed.

Why Scutiva does not just scan a domain

A domain-only scan cannot reliably see local packages, system libraries, Python or Node dependencies, secrets on disk, internal services, or Linux hardening issues unless they leak externally.

How to think about the difference

External fingerprinting is inferential. Scutiva's current model is authenticated and evidence-driven. It can complement attack-surface scanning, but it does not replace or currently perform that scanning itself.

How it works

Install Scutiva, scan your Linux systems over SSH, and review CVEs with more context.

Scutiva is designed to be straightforward to adopt. You deploy it in your own environment, connect the Linux systems you care about, run SBOM, posture, and vulnerability scans, and review the results from a single interface.

  • Connect Linux systems you want to scan over SSH
  • Generate software inventory and SBOM data
  • Review posture and CVE findings in one place
  • Keep deployment and data under your control

Install Scutiva → connect Linux hosts over SSH → Add Linux systems → run posture, SBOM, and CVE scans → Review security findings → decide what to fix → Reduce exposure

What you get

Practical visibility into software inventory and vulnerability exposure.

Area 1

Linux posture, SBOM, and package inventory

Scutiva helps you understand Linux host posture plus what packages and components are installed so you have a clearer security inventory to work from.

  • Builds a clearer picture of installed software and Linux host state
  • Helps teams understand component and package coverage
  • Creates a stronger foundation for CVE review

Area 2

CVE visibility

Scutiva helps you see where installed packages and application dependencies may be exposing you to known vulnerabilities, based on authenticated host evidence rather than public fingerprint guesses.

  • Surfaces vulnerable packages and components
  • Helps teams focus remediation on known issues
  • Makes vulnerability review easier to understand and act on

Why it matters

Scutiva gives you a simpler way to stay on top of Linux and software exposure.

Many teams need better visibility into Linux posture, what software is installed, and which known CVEs may affect them, but do not want to hand over infrastructure data to a hosted vendor. Scutiva gives those teams a practical, open-source option they can install and operate themselves.

License: MIT
Source: GitHub-native
Hosting: Self-hosted

Who should use it

Teams that need authenticated Linux, SBOM, and CVE scanning without SaaS lock-in

Scutiva is a good fit when you want clearer Linux host visibility, better software inventory, stronger vulnerability evidence, a self-hosted deployment model, and the freedom to adapt the workflow to your own environment.

Support the project

Support the open-source work behind Scutiva.

If Scutiva looks useful for your team, support continued development with a donation.
