Data transmitted

Full transparency about what leaves your machine. The secvalis.sh agent scans locally with Trivy and uploads only vulnerability metadata to POST /api/v1/audit. This page lists every field we send — and everything we never send.

Top-level fields

machine_labelMachine label you assigned (identity in the dashboard).
hostnameMachine hostname. null when the agent runs with --no-hostname.
distroOS distribution name (e.g. ubuntu, debian, alpine).
distro_versionDistribution version (e.g. 22.04).
agent_versionVersion of the secvalis.sh agent script.
scan_timezoneHost time zone (IANA) — used to timestamp the scan.
scan_statusScan status: ok | partial | failed (drives server-side SLA logic).
trivy_resultsSlimmed Trivy scanner result — only the fields described below.

Scan result fields (trivy_results)

The Trivy output is slimmed on your host before upload — only the fields below are kept. Package-level details never include file contents.

Metadata.DB.UpdatedAtTrivy vulnerability DB version date (scan provenance).
Results[].TargetScan target, e.g. “ubuntu (ubuntu 22.04)”.
Results[].Class / .TypePackage source class and type (os-pkgs, language, etc.).
Results[]._sourceImageName of the scanned image/container — only for LXC scans (--scan-lxc).
Vulnerabilities[].VulnerabilityIDVulnerability identifier (CVE / GHSA).
Vulnerabilities[].PkgNameName of the vulnerable package (e.g. openssl).
Vulnerabilities[].InstalledVersionInstalled package version.
Vulnerabilities[].FixedVersionVersion containing the fix (if available).
Vulnerabilities[].SeveritySeverity per Trivy (CRITICAL…LOW).
Vulnerabilities[].TitleShort vulnerability title.
Vulnerabilities[].DescriptionVulnerability description, truncated to 300 characters.
Vulnerabilities[].PrimaryURLPublic reference link (e.g. Aqua AVD / NVD).

Example payload

A representative (redacted) payload for a single machine with one finding:

{
  "machine_label": "web-prod-01",
  "hostname": "web-prod-01.internal",
  "distro": "ubuntu",
  "distro_version": "22.04",
  "agent_version": "1.4.0",
  "scan_timezone": "Europe/Warsaw",
  "scan_status": "ok",
  "trivy_results": {
    "Metadata": { "DB": { "UpdatedAt": "2026-07-08T04:12:00Z" } },
    "Results": [
      {
        "Target": "ubuntu (ubuntu 22.04)",
        "Class": "os-pkgs",
        "Type": "ubuntu",
        "Vulnerabilities": [
          {
            "VulnerabilityID": "CVE-2026-12345",
            "PkgName": "openssl",
            "InstalledVersion": "3.0.2-0ubuntu1.10",
            "FixedVersion": "3.0.2-0ubuntu1.15",
            "Severity": "HIGH",
            "Title": "openssl: denial of service in X.509 parsing",
            "Description": "A flaw was found in the way OpenSSL handled ...",
            "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-12345"
          }
        ]
      }
    ]
  }
}

What we never send

  • Contents of files on your machines
  • Image layers, references and Trivy file metadata
  • Environment variables
  • Secrets, passwords, keys and tokens
  • Configuration files
  • User data and application data

Data minimisation & offline

Run the agent with --no-hostname and its real hostname never leaves the host — it is sent as null and the machine label becomes its identity. Uploads currently require an HTTPS connection to api.secvalis.eu; there is no offline / air-gapped relay mode yet — tell us if you need one.

Verify it yourself

Don't take our word for it. Run the agent with --dry-run to print the exact payload without sending anything.

See also API & integrations.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS