Overview
Argus provides continuous vulnerability monitoring across your application dependencies, container images, and infrastructure-as-code configurations. The platform identifies known vulnerabilities, assesses risk in context, and automates remediation through pull request generation and compatibility analysis -- helping development teams address security issues efficiently without disrupting delivery workflows.
Key Features
- Dependency Vulnerability Scanning - Analysis of application dependencies across multiple programming languages and package managers identifies known vulnerabilities, including those buried deep in transitive dependency chains that other scanners miss.
- Container Image Security - Multi-layer analysis of container images detects vulnerabilities in base images, application packages, and operating system components, along with configuration issues and exposed secrets.
- Infrastructure-as-Code Security - Security analysis of infrastructure definitions catches misconfigurations, compliance violations, and best practice deviations before deployment, preventing security issues from reaching production.
- Contextual Risk Assessment - Each vulnerability is assessed in the context of your application, considering factors like exploit availability, whether the vulnerable code is reachable, data sensitivity, and exposure level to prioritize remediation efforts effectively.
- Automated Remediation - The platform generates pull requests with dependency updates, predicts breaking change likelihood, runs automated tests to validate fixes, and supports gradual rollout strategies for high-risk remediations.
- CI/CD Integration - Scanning integrates directly into your development pipeline, with configurable thresholds that can warn or block deployments based on vulnerability severity, ensuring security gates are enforced automatically.
- Continuous Monitoring - Ongoing vulnerability monitoring alerts you when new CVEs affect your existing dependencies, containers, or infrastructure, even between active scans.
How It Works
Dependency Scanning
The platform analyzes your application's dependency manifest and lock files to build a complete dependency graph including all transitive dependencies. Each dependency is checked against multiple vulnerability databases for known CVEs, with severity scoring, exploit availability assessment, and remediation guidance.
Supported ecosystems include JavaScript/Node.js, Python, Java, Ruby, .NET, Go, Rust, PHP, and additional languages. Both direct and transitive dependencies are fully analyzed.
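The graph walk described above, together with the warn/block thresholds from the CI/CD Integration feature, as an added example that is not Argus code. The lock-file layout, package names, advisory IDs and default thresholds are all constructed for illustration and do not reflect the platform's formats or settings.

```python
from collections import deque

# Constructed sample data: a simplified lock file (not a real package-manager
# format) and a small advisory feed. Names, versions and IDs are made up.
LOCK = {
    "root": ["web-framework", "logger"],  # direct dependencies
    "packages": {
        "web-framework": {"version": "4.2.0", "requires": ["body-parser", "router"]},
        "body-parser": {"version": "1.9.1", "requires": ["qs-lite"]},
        "router": {"version": "2.0.3", "requires": []},
        "qs-lite": {"version": "6.1.0", "requires": []},
        "logger": {"version": "3.0.0", "requires": ["router"]},
    },
}
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "qs-lite", "fixed": "6.2.4", "severity": "high"},
    {"id": "EXAMPLE-0002", "package": "logger", "fixed": "3.0.1", "severity": "low"},
    {"id": "EXAMPLE-0003", "package": "router", "fixed": "2.0.0", "severity": "critical"},
]
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def ver(s):
    return tuple(int(p) for p in s.split("."))  # "6.1.0" -> (6, 1, 0)

def dependency_paths(lock):
    """BFS from the direct dependencies: {package: shortest path that pulls it in}."""
    paths = {name: [name] for name in lock["root"]}
    queue = deque(lock["root"])
    while queue:
        name = queue.popleft()
        for child in lock["packages"][name]["requires"]:
            if child not in paths:  # visited check also stops cycles
                paths[child] = paths[name] + [child]
                queue.append(child)
    return paths

def scan(lock, advisories):
    """Report advisories whose package is in the graph at a version below the fix."""
    paths = dependency_paths(lock)
    return [{**a, "path": paths[a["package"]], "transitive": len(paths[a["package"]]) > 1}
            for a in advisories if a["package"] in paths
            and ver(lock["packages"][a["package"]]["version"]) < ver(a["fixed"])]

def gate(findings, warn_at="medium", block_at="high"):
    """Pipeline decision from the worst severity found: 'block', 'warn' or 'pass'."""
    worst = max((SEVERITY[f["severity"]] for f in findings), default=0)
    if worst >= SEVERITY[block_at]:
        return "block"
    return "warn" if worst >= SEVERITY[warn_at] else "pass"
```

The `path` field is what makes a transitive finding actionable: it names the direct dependency a team would have to upgrade to pull in the fixed version.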
Container Security
Container images are analyzed layer by layer, examining:
- Operating system packages for known vulnerabilities with fix availability
- Application dependencies embedded in the image
- Configuration issues such as running as root, exposed ports, or secrets embedded in layers
- Compliance violations against container security benchmarks
- Base image recommendations suggesting more secure or better-maintained alternatives
Infrastructure-as-Code Security
Infrastructure definitions are analyzed against security policies and compliance frameworks before deployment:
- Security misconfigurations such as overly permissive access controls, unencrypted storage, or public exposure
- Compliance violations against industry benchmarks and regulatory requirements
- Best practice deviations that could weaken security posture
- Automated fixes with corrected code for common misconfigurations
Remediation Automation
When vulnerabilities are found, the platform streamlines remediation:
- Risk Prioritization - Vulnerabilities are ranked by contextual risk score considering severity, exploitability, exposure, and asset criticality
- Fix Analysis - Available fixes are analyzed for compatibility, with machine learning predicting breaking change likelihood
- Pull Request Generation - Automated PRs include the dependency update, test results, and detailed explanation of the fix
- Validation - Automated tests verify the fix does not introduce regressions
- Deployment Guidance - Risk-appropriate deployment strategies are recommended, from immediate deployment to canary rollout
Compliance
Vulnerability scanning supports compliance with:
- PCI-DSS - Vulnerability management requirements (Requirement 6.2)
- HIPAA - Security rule vulnerability analysis requirements
- SOX - IT general controls for software security
- FedRAMP - Continuous monitoring and vulnerability scanning
- ISO 27001 - Technical vulnerability management (A.12.6.1)
- NIST 800-53 - Vulnerability scanning controls (RA-5)
- SOC 2 - Vulnerability management and patching controls
Integrations
The scanning platform integrates with CI/CD pipelines, container registries, issue tracking systems, and developer tools to fit naturally into existing development workflows.
Availability
- Enterprise Plan: Full vulnerability scanning suite included
- Professional Plan: Dependency scanning included; container and IaC scanning available as add-on
Last Reviewed: 2026-02-05