# Overview
CVE Intelligence Panel helps security and platform teams monitor public vulnerability feeds against a defined infrastructure stack. The product goal is fast situation awareness: what is new, what is critical, and which stack components are affected — without paid threat-intelligence APIs.
This chapter introduces the audience, capabilities, and boundaries of the panel. Later chapters cover installation, the unified sidebar, scan modes, multilingual UI, and the HTTP API.
## License and scope
CVE Radar is fully open source under the MIT License. There is no enterprise tier, paid add-on, or license-gated feature. Audit logging, RBAC, multi-tenant scan history, Prometheus metrics, EPSS enrichment, compliance control mapping, Kubernetes discovery, and offline mirrors are available to everyone; environment variables only adjust operational behavior (airgap, optional Postgres, metrics export). Self-host guides: 11 Self-hosted (en · fa · ar · ru · zh · fr).
## Who is it for?
Operators and engineers who already know their stack and want a single dashboard that merges NVD, OSV, GitHub Advisories, CISA KEV, and selected security RSS feeds. The UI supports RTL and LTR layouts and six interface languages. The panel complements — but does not replace — vendor advisories, change management, and formal risk workflows.
Typical users run the panel on a trusted workstation or internal server, define tool names such as Redis or HAProxy, and review findings after a full scan or continuous watch.
## Core capabilities
The panel is intentionally narrow: aggregate, deduplicate, present, and notify. It does not deploy patches or open tickets.
- Stack management — add/remove tool names and presets (Ceph, Nginx, Kubernetes, etc.).
- Full scan — all sources including NVD for a baseline inventory.
- Watch mode — frequent polling without NVD for faster discovery.
- Dashboard — severity donut, type bar chart, critical highlights, per-tool status cards (clickable to open the full CVE list for that tool).
- Vulnerabilities tab — filters, search, expandable cards; when filtered by tool, all matching rows are shown (no pagination cap).
- Six UI locales — fa, en, ar, ru, zh, fr with locale-aware dates and numbers.
- CVE text translation — optional auto-translate of titles/descriptions to the active UI language (server cache + `POST /api/translate`).
- Font scale — 85%–140% base text size in the top bar.
- Unified SubNav — navigation, stack tool list with counts, quick severity filters, data sources with last-updated times, scan summary.
- Themes — light, dark (teal accent palette), system.
- Alerts — toast and banner when new CVEs appear (configurable).
- First-run setup wizard — four-step modal (stack → settings → sources → finish) before the main dashboard; completion stored in `cve-radar:setup-complete`.
- Scan cache — last full scan persisted in `localStorage` (stack-keyed via `src/lib/scanCache.ts`); the dashboard shows a cached-results banner until you run a new scan.
- Server rate limits — separate per-minute buckets for `POST /scan` and `POST /watch`; `POST /scan/validate` is exempt (see Configuration).
## Data sources (local brand icons)
Built-in feeds use local brand icons (SVG/PNG from Simple Icons, official favicons, etc.) under public/icons/brands/sources/ (mirrored in extended-docs/docs/assets/icons/brands/). Attribution: BRANDS_ATTRIBUTION.md. Refresh with npm run icons:download.
## Stack services (preset icons)
Infrastructure presets (Ceph, HAProxy, Redis, Kubernetes, …) use matching icons from services/.
## Documentation map (chapter icons)
## Scan modes at a glance
The two modes differ by sources and latency. Choosing the wrong mode leads to either slow polls or incomplete NVD coverage.
| Mode | Sources | Typical duration | Best for |
|---|---|---|---|
| Full scan | NVD, OSV, GitHub, KEV, RSS | Minutes (NVD throttled) | Baseline, audits |
| Watch | OSV, GitHub, RSS | Seconds per poll | Continuous monitoring |
## Product context diagram
```mermaid
flowchart TB
    classDef user fill:#e9edf5,stroke:#00baba,color:#253343
    classDef app fill:#f3fcfc,stroke:#008c8c,color:#253343
    classDef feed fill:#fff7ed,stroke:#eda232,color:#253343
    Operator[Security / platform engineer]:::user
    Panel[CVE Intelligence Panel SPA]:::app
    API[Express API]:::app
    NVD[NVD]:::feed
    OSV[OSV]:::feed
    GH[GitHub Advisories]:::feed
    KEV[CISA KEV]:::feed
    RSS[Security RSS]:::feed
    Operator --> Panel
    Panel --> API
    API --> NVD
    API --> OSV
    API --> GH
    API --> KEV
    API --> RSS
```
## Diagram walkthrough
The operator configures a stack in the browser. The SPA calls the Express API for scan or watch. The server fetches external feeds in parallel, merges results by CVE id, enriches KEV flags, optionally translates text, and returns JSON. The browser caches the last scan locally and renders charts and lists.
## Step-by-step (typical day)
- Add or confirm stack tools under Infrastructure.
- Run a full scan to populate the dashboard and per-source timestamps.
- Enable live watch and alerts for ongoing discovery.
- Click a tool card on the dashboard or an entry in the sidebar tool list to review all CVEs for that component.
- Change interface language if needed; wait for auto-translation when enabled.
- Triage critical items and follow outbound links to NVD or vendor pages.
## Limitations
Heuristic matching can produce false positives or miss renamed products. RSS items may use synthetic ids when no CVE appears in the article. Free translation tiers are best-effort. English source text remains authoritative for compliance decisions.
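The merge step from the diagram walkthrough (combine feeds by CVE id, flag KEV entries) together with the synthetic-id behaviour for RSS items noted above, as an added example that is not the project's own code; the feed names, record fields and slug scheme are assumptions, and the sample records are constructed:

```typescript
type Source = "nvd" | "osv" | "github" | "rss";
type Severity = "critical" | "high" | "medium" | "low";
// A record as one feed reports it; RSS items may lack an id entirely.
interface RawFinding { source: Source; id?: string; title: string; severity?: Severity }
interface MergedFinding {
  id: string; title: string; sources: Source[]; severity?: Severity;
  kev: boolean;        // id is listed in CISA KEV
  synthetic: boolean;  // id was generated because no CVE id was found
}
const CVE_RE = /CVE-\d{4}-\d{4,}/i;
const SEV_RANK: Record<Severity, number> = { critical: 4, high: 3, medium: 2, low: 1 };

// Use the CVE id from the record or its title; otherwise build a deterministic
// synthetic id so the same article dedupes across watch polls.
function resolveId(f: RawFinding): { id: string; synthetic: boolean } {
  const m = CVE_RE.exec(`${f.id ?? ""} ${f.title}`);
  if (m) return { id: m[0].toUpperCase(), synthetic: false };
  const slug = f.title.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "");
  return { id: `${f.source}:${slug}`, synthetic: true };
}

function mergeFindings(raw: RawFinding[], kevIds: Set<string>): MergedFinding[] {
  const byId = new Map<string, MergedFinding>();
  for (const f of raw) {
    const { id, synthetic } = resolveId(f);
    const cur = byId.get(id);
    if (!cur) {
      byId.set(id, { id, title: f.title, sources: [f.source], severity: f.severity,
                     kev: kevIds.has(id), synthetic });
      continue;
    }
    if (!cur.sources.includes(f.source)) cur.sources.push(f.source);
    // Keep the highest severity any feed reports for this id.
    if (f.severity && (!cur.severity || SEV_RANK[f.severity] > SEV_RANK[cur.severity])) {
      cur.severity = f.severity;
    }
  }
  return Array.from(byId.values());
}

// Constructed sample input (placeholder CVE ids, not real advisories).
const SAMPLE: RawFinding[] = [
  { source: "nvd", id: "CVE-2099-0001", title: "Redis heap overflow", severity: "high" },
  { source: "osv", id: "cve-2099-0001", title: "redis: heap overflow", severity: "critical" },
  { source: "rss", title: "HAProxy 2.x release fixes CVE-2099-0001" },
  { source: "rss", title: "Nginx release notes" },
];
const SAMPLE_KEV = new Set(["CVE-2099-0001"]);
```

Running `mergeFindings(SAMPLE, SAMPLE_KEV)` collapses the three records about the same CVE into one KEV-flagged row and leaves the article without a CVE under a synthetic `rss:` id, which is why such rows deserve manual review before any compliance decision.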
Summary:
- Free public APIs only; optional `NVD_API_KEY` / `GITHUB_TOKEN` improve rate limits.
- Not a CMDB, not a patch orchestrator.
- CVE text translation quality depends on MyMemory, LibreTranslate, or local Ollama.
Next: Installation