Cloud Advisor


Sign in Get a demo

Vulnerability management

Cloud Advisor identifies and prioritizes vulnerabilities in operating systems, packages and libraries on virtual machines and containers deployed in the cloud without the use of agents.


Agentless approach

Cloud Advisor uses an agentless approach to scan virtual machine block storage. This innovative method:

  • Provides 100% coverage of all virtual machines and containers immediately after deployment
  • Allows you to deploy Cloud Advisor in minutes and get full information about all vulnerabilities in the infrastructure within an hour
  • Does not require work to install and update agents, reducing the total cost of ownership
  • Has no effect on virtual machine performance
  • Does not require a network connection between the virtual machine/container and the scanning module


Cloud Advisor prioritizes vulnerabilities based on the context in which they are found. For example, a Log4Shell vulnerability found on a public machine with a security group that allows unrestricted connections will have a higher priority than the same vulnerability found on a machine without internet access. Similarly, a vulnerability found in a publicly exposed container with elevated privileges, will be prioritized higher than the same vulnerability found in a regular container.


Unlike traditional vulnerability scanning solutions, Cloud Advisor has detailed information about the cloud configuration thanks to the CSPM module and Managed Kubernetes configuration thanks to the KSPM module. This allows you to focus your attention on fixing the really important risks.


Various factors are used to prioritize vulnerabilities: presence of public exploits, type of vulnerability, CVSS score, etc. This allows you to focus on fixing vulnerabilities that have a real risk to the infrastructure.


Data sources

Cloud Advisor retrieves data from multiple sources and searches for vulnerabilities in Alpine, Debian, Ubuntu, RHEL, CentOS, OpenSUSE, and other distributions. Cloud Advisor supports the system package managers apt, yum and apk and the application-level package managers Bundler, Composer, Pipenv, Poetry, npm, yarn and Cargo.