heretix

Open-Source Vulnerability Management

Scan, track, and manage vulnerabilities across your Linux servers and container images, from the command line to the dashboard.

What is heretix?

heretix is an open-source vulnerability management platform composed of three components: a CLI scanner, a vulnerability data API, and a web management console. Together they provide a complete workflow, from scanning your infrastructure to tracking remediation.

How It Works

Vulnerability Sources: NVD, OSV, CISA KEV, EPSS, Vendor Advisory
heretix-api: Aggregation & Search
heretix-management: Web Console
heretix-cli: Package Scanner
Targets: Linux Host, Docker Image

Components

heretix-cli

A command-line tool that scans Linux servers and Docker images for installed packages (RPM, DPKG, npm, PyPI) and queries the API for known vulnerabilities.

Go

heretix-api

A REST API that aggregates and normalizes vulnerability data from NVD, OSV, CISA KEV, EPSS, and vendor advisories (Fortinet, Palo Alto, Cisco).

Node.js, Fastify, Prisma, PostgreSQL, TypeScript

heretix-management

A Next.js web console for importing scan results, visualizing vulnerability trends, managing alerts, and tracking remediation progress.

Next.js, Tailwind CSS, Prisma, PostgreSQL, Auth.js

Key Features

Multi-Ecosystem Scanning

Supports RPM, DPKG, npm, and PyPI package ecosystems on Linux hosts and Docker images. Integrates with CI/CD pipelines to detect vulnerabilities before deployment.

Aggregated Vulnerability Data

Consolidates CVE data from NVD, OSV, and vendor advisories into a single normalized database.

CISA KEV Tracking

Flags vulnerabilities listed in the CISA Known Exploited Vulnerabilities catalog for priority attention.

EPSS Scoring

Includes Exploit Prediction Scoring System scores to help prioritize remediation efforts.

Vendor Advisory Support

Incorporates advisories from Fortinet, Palo Alto Networks, and Cisco PSIRT.

Dashboard Analytics

Visualize vulnerability trends, severity distributions, and top affected assets in a web console.

Quick Start

1. Run heretix-cli to collect packages

# Scan the current host
heretix-cli scan --api-url http://heretix-api:5000 --api-key YOUR_KEY

# Or collect packages only (offline)
heretix-cli collect -o inventory.json

2. Import the inventory into heretix-management

# In heretix-management, open an asset and import inventory.json
# via the "Import Inventory" button in the asset detail page

3. Run a vulnerability scan

# Click "Scan" on the asset page, or use the CLI directly
heretix-cli check inventory.json --api-url http://heretix-api:5000