Vulnerability Management

Secureframe’s vulnerability management module pulls in and tracks vulnerability information from your cloud environment, particularly through your native scanning service such as AWS Inspector, Azure’s Microsoft Defender, GCP container scanning, Github Dependabot, etc. Here's a breakdown of the process:

  1. Enable Native Vulnerability Scanners. Enable the vulnerability scanning tools Secureframe supports and begin scanning your infrastructure and code repositories within the source systems.
  2. Vulnerability Detection. The scanners will identify vulnerabilities in the cloud infrastructure, operating systems, applications, or any other components being monitored.
  3. Data Ingestion. The data on detected vulnerabilities is then ingested into the vulnerability management module within the Secureframe UI, using the integrations configured with tools such as AWS and GitHub. This module serves as a central repository for all vulnerability information ingested from the scanning services, giving you a single view of the vulnerabilities reported across all native scanners.
  4. Consolidated View. By ingesting data from multiple sources via the integrations, including native scanners such as AWS Inspector and GitHub Dependabot, the Secureframe vulnerability management module gives users a consolidated view of all vulnerabilities these tools have reported. This "single pane of glass" view is valuable for understanding the overall security posture of your cloud infrastructure.
  5. Remediation. Teams can then work on addressing the vulnerabilities based on their risk. Remediation may involve applying patches, reconfiguring systems, or implementing other security measures to eliminate or mitigate the identified vulnerabilities within the tools and services in which they were found. Once a vulnerability is remediated at the source, Secureframe will reflect it as resolved.
  6. Continuous Monitoring. Secureframe will continue to ingest vulnerability data as long as scanning sources are integrated within the Secureframe system and still running.

The vulnerability management process helps organizations proactively manage and improve their security posture in a cloud environment by identifying, prioritizing, and addressing vulnerabilities efficiently. Secureframe consolidates the vulnerabilities found by the many vulnerability scanning services the platform can integrate with.

Our vulnerability management module automatically ingests from the following sources, as applicable:

  • Virtual Machines
    • AWS Inspector Classic
    • AWS Inspector v2
  • Containers
    • AWS ECR
    • GCP Container Analysis
    • Microsoft Defender for Cloud
  • Code Dependencies
    • GitHub Dependabot

Frequently Asked Questions (FAQ)

How can false positive security vulnerabilities be closed in Secureframe?

  • Secureframe currently mirrors the vulnerability data pulled directly from your source systems, such as AWS. This means false positives cannot be closed or dismissed within Secureframe itself. To remove or update a vulnerability status, you’ll need to address it directly at the source system.
  • That said, our Engineering team is actively working on Vulnerability Management V2, which will introduce enhanced functionality—including better handling of false positives and remediation tracking—once released.

Why does a Qualys integration show as connected, but no vulnerabilities appear in Secureframe?

This typically happens when the credentials used for the Qualys integration are invalid or expired, even though the integration status still appears as “connected.” In this state, the connection itself exists, but vulnerability data cannot be successfully pulled.

When this occurs:

  • Vulnerabilities may not appear on the Vulnerabilities page
  • Related vulnerability scanning tests may not complete or update as expected

The recommended fix is to verify and reauthenticate your Qualys credentials, then reconnect the integration in Secureframe. Once valid credentials are confirmed, vulnerability data from Qualys should begin flowing normally.

If vulnerabilities still do not appear after reconnecting, further investigation may be required to confirm successful data ingestion.
