Can someone recommend some self-hosted or not, tool that I could schedule for periodical scans of all I host and is exposed to public internet?
I think I did all by the book now, including crowdsec and/or fail2ban, but recently for example I got an email from German CERT that my n8n is out of date and has some CVEs. All of them were not exploitable in my case but that got me thinking that if CERT can do it, maybe there are some services or tools that I could use and get alerts sooner if something is vulnerable in my infrastructure.
Any recommendations welcomed! Ideally self hosted and FOSS of course.
Instead of trying to automatically scan your environment, it’s probably better to figure out how to automatically update applications first. CVE’s eventually get patched.
Having one didn’t mean the other is not useful.