Login   |   1.866.392.4897 |   sales@timesys.com English Japanese German French Korean Chinese (Simplified) Chinese (Traditional)
Timesys Vigiles Vulnerability Monitoring and Remediation

Vulnerability Monitoring and Remediation

Vigiles

Best-in-class vulnerability monitoring and remediation tool that combines a curated CVE database, continuous security feed based on your SBOM, powerful filtering, and easy triage tools so you don’t get blindsided by vulnerabilities.

Try It For FreeWatch the Video

You need a continuous security feed against all of your SBOMs so you don’t get blindsided by vulnerabilities.

Vulnerabilities leave devices open to devastating cybersecurity attacks, making headlines across the globe time and time again. With 350+ new vulnerabilities per week and numbers increasing drastically for the past 5 years, you need a tool to manage the onslaught of new vulnerabilities, cut through the noise, and identify the most pressing threats so you can take action.

Looking for a tool that can alert you to important, relevant vulnerabilities in your product software?

Tired of chasing false positives and hunting for vulnerability fixes?

Trying to streamline your vulnerability management with a tool that adapts to your SDLC process?

Take advantage of our purpose-built vulnerability management tool, Vigiles.

For more than 20 years, Timesys has been the industry’s trusted partner for secure embedded software design and development. We provide device makers and system developers with tools and services to accelerate time to market of more secure products.

How It Works

Use Accurate Device Information

SBOM Generation and Integration

Vigiles supports all major Linux build system integrations including Yocto, Buildroot, PetaLinux, Wind River Linux, PTXdist, OpenWrt, and Timesys Factory for more accurate SBOM generation.

  • Captures your kernel and U-Boot configuration for better mapping of package names to CVE naming, package version, and applied patches
  • Automatic scan of your SBOM against our curated vulnerabilities database creates an immediate CVE report
  • Manage software supply chain risks leveraging detailed SBOM
  • Intuitively track and manage SBOMs across various products and releases
Vigiles provides up to 40% accuracy improvement over the National Vulnerability Database (NVD)

Start with a Better List of CVEs

Timesys Curated Database

Vigiles provides up to 40% accuracy improvement over the National Vulnerability Database (NVD) with Timesys’ curated CVE/CPE database.

  • More accurate data: Timesys Vigiles team manually analyzes incorrect CVEs and updates in our system
  • Optimized for embedded: intelligent curation algorithms for the Linux kernel and U-Boot run daily
  • Get alerts earlier: we minimize reporting delays by up to four weeks by pulling data from multiple feeds

See Only Applicable CVEs

Your Build + Our Database =
Accurate Results

Vigiles only pulls the data for the CVEs that correspond to your SBOM, giving you a curated list to review.

  • Drastically reduce your workload
  • 85% fewer CVEs to analyze
  • 95% fewer false positives
Vigiles only pulls the data for the CVEs that correspond to your SBOM

Filter the Shortlist Quickly

Identify Top Vulnerabilities Based on Your Risk Analysis

Powerful filters allow you to quickly identify the CVEs that you want to fix.

  • Filter CVEs by: package affected, patch or fix availability, CVE severity, custom scoring, affected platforms, notes/comments, and kernel and U-Boot configuration options
  • Identify CVEs you want to ignore by actively whitelisting

Keep Your Remediation Team in Sync

Document Your Decisions and Coordinate Responses

Streamline vulnerability management and mitigation with easy-to-use collaboration tools.

  • Share manifests with other team members so they can add notes to CVEs, whitelist them, and more
  • Connect Vigiles with Jira for seamless issue tracking

Stop Searching and Start Patching

See the Remediation Options with One Click

For every CVE found in your scanned SBOM, Vigiles will let you know if there is a fix and give you the patch, minimum version, and/or config option information needed to remediate the vulnerability.

  • Easily identify remediation options with resources included in your report
  • Make quick fixes with links to available patches, workarounds for remediation when a patch is not available, and links for recreating the CVE exploit for testing

Enjoy Easier Regulatory Compliance

Use Shareable Reports and
Diff-Like Comparisons Tools

Comparing reports and viewing report history enables you to more efficiently manage cybersecurity vulnerabilities affecting your product throughout its product lifecycle and comply with government and regulatory security standards.

  • Track changes between releases and automatically create a summary report for release notes
  • View side-by-side manifest comparison with searchable manifest and CVE sections
  • Export your SBOM in SPDX format, an official international open standard for SBOMs
shareable reports enable you to more efficiently manage cybersecurity vulnerabilities

Keep Your Product Secure with Continuous Monitoring

Set up Your Security Feed and Alerts with Emailed Reports

Vigiles securely maintains current manifests of your products and continuously rescans and tracks vulnerabilities for all versions even after your product is released and in production.

  • Stay on top of new vulnerabilities with periodic rescans and reports
  • Keep your device secure in the field, for full product lifecycle

You Could Try Another Tool, But
Why Would You?

SCA Optimized for Embedded

SCA Optimized for Embedded

build system integration, kernel/u-boot filters, and platform filters for 85% fewer CVEs to analyze

Superior Curated Data Accuracy

Superior Curated Data Accuracy

95% fewer false positives plus more coverage and earlier reporting

Fits into Software Development Life Cycle Workflow

Fits into Software Development Life Cycle Workflow

CI/CD, Jira integration, APIs, team collaboration

Streamline compliance

Streamline Compliance

SBOM generation, license and vulnerability policy, and documentation

Efficient triaging and remediation

Efficient Triaging and Remediation

Email alerts, intelligent filtering, links to fixes

ROI in as little as 3 months

ROI in as Little as 3 Months

with time saved

Streamline Your Process with a Workflow Backbone that will Pay for Itself

Vigiles gives you the complete process to track, triage, remediate, and document CVEs affecting your device. With more accurate data and powerful filters, Vigiles pays for itself in time saved in as little as three months.

How much can Vigiles save you? Try out our ROI calculator here.

What Does Vigiles Cost?

Vigiles is offered in three versions: Free, Plus, and Prime. Vigiles Free offers basic CVE monitoring with alerts and reports, while Plus and Prime are annual subscription plans that include advanced, time-saving triage and remediation features.

Free

$0 /year

Free, basic version providing CVE monitoring for a single component list. Includes alerts of new vulnerabilities, summaries of severities and status, and on-demand reports for your projects.

Learn More

Plus

$9900 /year

The Free version’s CVE monitoring upgraded to unlimited component lists, plus collaboration tools for CVE triage and mitigation, advanced filtering, detailed notifications, and advanced reporting tools.

Learn More

Prime

$14,900 /year

All features of Free and Plus, along with unique patch notification and management features, links to Linux kernel patches based on identified CVEs, advanced CVE filtering, and fixed version notifications for OSS.

Learn More

READY TO GET STARTED WITH VIGILES?

Try Vigiles Prime Free for 30 Days

Detect, filter, triage, and remediate vulnerabilities with the industry’s first Software Composition Analysis and CVE monitoring tool targeted at embedded Linux.

What You Get

Vigiles sets you up for success with everything you need to track, triage, remediate,
and document CVEs affecting your device, saving you time and money.

Vigiles Plus or Prime

Vigiles Plus or Prime

Vigiles Plus offers powerful triage and collaboration tools, enabling your team to rapidly prioritize, assess, and remediate security issues. Vigiles Prime offers all the features of Plus, with additional patch notification and management features to secure the software components that are identified in your SBOMs.

Ten User Logins

Ten User Logins

Collaborate across your team for efficient vulnerability monitoring and management with ten user logins

CVE Triage Guide

CVE Triage Guide

Learn how to make the most of Vigiles’ triage features to pinpoint the vulnerabilities that apply to your products, prioritize them based on risk, and remediate the largest security threats

Quick Start Training

Quick Start Training

Use our Quick Start Training to see vulnerabilities for your project’s Software Bill of Materials (SBOM) in less than 30 minutes.

Access to Support and Feature Request

Easy Access to Support and Feature Request

Easily contact support to submit feedback or request features within Vigiles. Issues are typically addressed within 72 hours, and all Vigiles users benefit so feedback is encouraged.

WANT TO SEE IT IN ACTION AND ASK QUESTIONS?

Schedule a Demo for Your Use Case

Detect, filter, triage, and remediate vulnerabilities with the industry’s first Software Composition Analysis and CVE monitoring tool targeted at embedded Linux.

Still Have Questions? Check out the FAQ

Our FAQ covers everything from version features, to how Vigiles improves upon the National Vulnerability Database (NVD), to how Vigiles stacks up against other vulnerability scanners.

Check the FAQ

Need Vulnerability Monitoring and Remediation but Don’t Want to Do It Yourself? Check out our Linux OS/BSP Maintenance Service

Timesys’ Linux OS/BSP Maintenance is a subscription service that provides long-term security upgrades and maintenance of your Linux OS/BSPs alongside Vigiles’ vulnerability monitoring and management capabilities.

Check out Linux OS / BSP Maintenance

Using an RTOS? We’ve Got You Covered

With Vigiles, you can upload an SBOM or use our manifest creator tool to create reports and monitor Zephyr, FreeRTOS, or Mbed vulnerabilities.

View a sample Zephyr report (requires login):

See a Sample Report

Already Using Black Duck? Stack the Benefits with Vigiles

Black Duck users can add Vigiles to their security toolkit to drastically reduce their workload. Vigiles leverages information from SBOMs to reduce false positives by 95% and reduce CVEs to analyze by 85% as compared to Black Duck. Learn more about how using these function-specific tools in tandem leads to improved efficiency and productivity:

See How Black Duck and Vigiles Work Together

See how Vigiles stacks up to other Software Composition Analysis (SCA) tools:

Compare Vigiles Against Other SCA Tools

See the impact of Vigiles in action

Vigiles demo
Demo

Schedule a Demo of Timesys Vulnerability Monitoring

Request a personalized demo to see how Vigiles can save you time with a curated database of CVEs, powerful filtering, and on-demand reporting

Schedule a Demo

Webinar

Software Security Management: Cutting through the vulnerability storm with Vigiles

Learn how to use Vigiles for automated security monitoring on your Linux BSPs, rapid security assessment and triage, and efficient security and vulnerability remediation.

Watch the Webinar

Blog

Evaluating vulnerability tools for embedded Linux devices

How to choose the right vulnerability management tool to bring your security maintenance cost down while improving the security posture of the device

Read the Blog