Skip to content
Last updated July 2, 2026

Security Scanner

The Security Scanner sits under Insights → Security and gives you a compact, cross-fleet view of every server’s OS package security state — total packages, available updates, and CVE counts split by severity.

Where Vulnerabilities is the “which CVEs should I fix first” view, Security Scanner is the “which servers are behind” view.

A per-server table of the latest scan on every online host:

  • Server — hostname, links to the server page.
  • Packages — total installed packages seen by the agent.
  • Updates available — packages with a newer version in the distro repos.
  • Critical / High / Medium / Low — active CVE counts per severity.
  • Total — sum across severities.
  • Scanned — how long ago the scan ran.

The header shows fleet-wide totals: servers scanned, plus critical / high / medium / low counts summed across all hosts.

Expanding a row reveals the vulnerable packages found on that host — package name, installed version, fixed-in version, and the CVEs each package resolves.

  • Trigger a scan for a specific server from its row (requires the agent’s packages plugin, v1.0.43+).
  • Jump to the server to see per-package detail and the Fix action that queues a package update.
  • Filter and sort — order by critical count to see the worst offenders first, or by “updates available” to see the most out-of-date hosts.

The agent reports the installed package inventory on every full sync. HostAtlas matches it against public CVE feeds and stores a per-server security scan record with the counts you see here. A scan takes a few seconds server-side once the inventory is uploaded — there is no long-running scanner on the box.

Because the underlying data is the same as Vulnerabilities, the numbers reconcile: the sum of Critical across all rows here equals the Critical KPI on the Vulnerabilities page.

If a server has no scan yet, either the agent is too old or the packages plugin hasn’t reported in yet. The row shows an empty state with the required agent version.

  • Vulnerabilities — the CVE-first cut of the same data, with KEV highlighting and top-10 CVEs.
  • Recipes — one-shot scripts you can build from a finding to install updates.
  • Compliance Hub — the umbrella that groups security posture with policy adherence and audit findings.
Was this page helpful?