SIGVI R2 Beta

SIGVI is an open source application, released under the GPL license.

Basically, SIGVI is an application to detect vulnerabilities on our network.

It is not magic (still ...); it simply compares the vulnerabilities it has received from its sources with the software that we have installed on our servers. Those vulnerabilities are stored in the database, creating a vulnerability repository.

When it finds a software version that is vulnerable, it creates an alert and sends notifications to all the administrators of that server.
SIGVI has been (and is being) developed at UPCnet, from the Polytechnic University of Catalonia (UPC), Spain.

SIGVI uses vulnerability sources to download / receive vulnerability updates. Periodically, the application connects to the sources, using their plugins, gets the vulnerabilities and stores them in the SIGVI database. Those vulnerabilities are available through one of the SIGVI pages, with search options.

The vulnerability system is based on plugins, so you can define your own source format by inheriting from the main source class and writing two functions to read and loop over rows. But don't worry: by default, the application supports the NVD (National Vulnerability Database: nvd.nist.gov) format.
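
The workflow described above (a source plugin with a read function and a row loop, a vulnerability repository, and alerts sent to a server's administrators) can be sketched as follows. This is an added example, not SIGVI's own code: the class and function names, the JSON feed layout and all sample data are assumptions made for illustration, and matching is by exact product and version only.

```python
import json
from abc import ABC, abstractmethod

class VulnSource(ABC):
    """Hypothetical base class; a plugin supplies the two functions."""
    @abstractmethod
    def read(self, raw: str) -> None: ...
    @abstractmethod
    def rows(self): ...  # yields (vuln_id, product, version)

class JsonFeedSource(VulnSource):
    """Plugin for a constructed JSON feed (not the real NVD schema)."""
    def read(self, raw):
        self._doc = json.loads(raw)
    def rows(self):
        for item in self._doc["items"]:
            for ver in item["versions"]:
                yield item["id"], item["product"].lower(), ver

def sync(source, raw, repository):
    """Store every row from the source in the repository (a dict here)."""
    source.read(raw)
    for vuln_id, product, version in source.rows():
        repository.setdefault((product, version), set()).add(vuln_id)

def check(inventory, repository):
    """Return one alert per vulnerable package, with the admins to notify."""
    alerts = []
    for server, info in sorted(inventory.items()):
        for product, version in info["software"]:
            for vuln_id in sorted(repository.get((product.lower(), version), ())):
                alerts.append({"server": server, "vuln": vuln_id,
                               "software": f"{product} {version}",
                               "notify": sorted(info["admins"])})
    return alerts

# Constructed sample feed and server inventory.
FEED = json.dumps({"items": [
    {"id": "EXAMPLE-0001", "product": "exampled", "versions": ["1.2.0", "1.2.1"]},
    {"id": "EXAMPLE-0002", "product": "samplelib", "versions": ["3.0"]},
]})
INVENTORY = {
    "web01": {"admins": ["bob@example.org", "alice@example.org"],
              "software": [("Exampled", "1.2.1"), ("samplelib", "3.1")]},
    "db01": {"admins": ["carol@example.org"], "software": [("samplelib", "3.0")]},
}

if __name__ == "__main__":
    repo = {}
    sync(JsonFeedSource(), FEED, repo)
    for alert in check(INVENTORY, repo):
        print(alert)
```

Exact version matching misses inventories that record a distribution-patched or differently formatted version string, so a real deployment needs normalised product names and version-range comparison.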

SIGVI has been added to Security-Database Tools Tracker Monitor

Post scriptum

Compliance Mandates

  • Vulnerability Management :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

