Ramin Najjarbashi

CVE-Radar: Multi-Source Open Source CVE Dashboard for DevSecOps Teams

Stop Chasing Vulnerabilities: Meet CVE-Radar, Your Self-Hosted Multi-Source CVE Monitoring Dashboard

In the world of DevSecOps, staying on top of vulnerabilities is exhausting. Thousands of new CVEs drop every week, but most tools either overwhelm you with noise or miss what actually matters to your stack.

That’s why I built CVE-Radar — a powerful, beautiful, and fully open-source vulnerability radar that aggregates multiple trusted sources and shows you exactly what you need to care about.


What is CVE-Radar?

CVE-Radar is an open-source, self-hosted vulnerability intelligence platform that aggregates multiple authoritative sources (NVD, OSV, GitHub, CISA KEV, and major Linux distros) to give you a clear, real-time view of which CVEs actually affect your infrastructure.

Think of it as a smart radar for your entire tech stack — with a modern dashboard, powerful filtering, trend charts, per-tool insights, and multi-channel alerting.

Built with React, TypeScript, Express, and PostgreSQL, it's production-ready, fully Dockerized, and supports both individual developers and enterprise self-hosted environments.

[Image: CVE-Radar dashboard overview with severity donut chart and vulnerability list]

The Architecture & Recent Updates

CVE-Radar is built with a clean, modern full-stack architecture:

  • Frontend: React + Vite + TypeScript + Tailwind
  • Backend: Express.js + Drizzle ORM
  • Database: PostgreSQL + Redis caching
  • Deployment: Docker Compose (one-command setup) and Kubernetes friendly
  • Monitoring: Prometheus metrics

Recent Highlights

  • Major UI/UX improvements to the notification system
  • Stronger multi-source data aggregation and synchronization
  • Enhanced dashboard charts and filtering
  • Better internationalization and RTL support
  • Overall performance and stability improvements

The codebase is well-structured, documented, and contributor-friendly.


Quick Start: Give It a Spin

Getting CVE-Radar up and running is fast and straightforward. The project includes a complete Docker-based setup with helpful Makefiles.

Installation Steps

# Clone the repository
git clone https://github.com/RaminNietzsche/CVE-Radar.git
cd CVE-Radar

# Install dependencies and start development environment
make setup
make dev

After Running

Default admin credentials and further instructions will appear in the terminal.

Recommended Enhancements

Add these to your .env file for optimal performance:

NVD_API_KEY=your_nvd_key_here
GITHUB_TOKEN=your_github_token_here

Production Mode

make build
make up

For advanced deployment options (Kubernetes, Air-gap, custom domains, etc.), check the full documentation in the repository.


Open Source & Proud: How You Can Help

CVE-Radar is fully open source under the MIT license, and I built it to be community-driven from day one.

Whether you're a developer, security engineer, DevOps practitioner, or just someone who cares about better vulnerability management tools — there are many ways to contribute:

Ways to Get Involved

  • Star the Repository — It helps with visibility and shows support ⭐
  • Try it out and share your feedback (open an Issue or start a Discussion)
  • Report bugs or suggest new features
  • Contribute code — The project has several “good first issue” labels for beginners
  • Add new features like:
    • More notification channels
    • Additional vulnerability sources
    • Improved matching algorithms
    • Better Kubernetes integration
  • Improve documentation or write blog posts/tutorials
  • Spread the word in your community, Discord servers, or workplace

Current Status

  • Latest Version: v1.4.0
  • Actively maintained with regular updates
  • Contributor-friendly codebase with clear architecture and good documentation

Every contribution — no matter how small — helps make CVE-Radar more powerful for the entire DevSecOps community.


Ready to join?

👉 Check out the project here: github.com/RaminNietzsche/CVE-Radar

Feel free to drop your thoughts, questions, or ideas in the comments below. What features would you like to see next? Let's build something great together! 🚀


Let’s Chat!

I’d love to hear from you!

Whether you’ve tried CVE-Radar, have feedback, found a bug, or just want to share how you handle vulnerability management in your organization — drop a comment below.

Questions I’d especially like your thoughts on:

  • What’s your biggest pain point with CVE monitoring today?
  • Which features would make this tool more valuable for your workflow?
  • Have you used similar tools (like Dependency-Track, Trivy, or Grype)? How does CVE-Radar compare?
  • Any new data sources or notification channels you’d like to see added?

Your feedback directly shapes the future of the project.


Thank you for reading! ❤️

If you found this useful, please consider:

  • ⭐ Starring the repo
  • Sharing it with your team or network
  • Trying it out and letting me know how it goes

👉 GitHub Repository

Looking forward to your comments and contributions! 🚀