Vulnerability Scanning is an automated security practice that inspects systems, networks, applications, and dependencies to identify known weaknesses such as unpatched software, insecure configurations, and exposed services. It addresses the problem of hidden risk in fast-moving environments by comparing what is running against vulnerability databases and baseline rules, then reporting findings with details like affected components, severity, and recommended fixes. Scans can run on a schedule or inside CI/CD pipelines, and authenticated scans (using approved access) can see deeper into hosts and applications to reduce blind spots.
With vulnerability scanning, teams catch issues earlier and prioritize remediation based on real exposure; without it, weaknesses often linger until they are exploited or surface during an incident, increasing downtime and recovery effort. This gap exists because modern stacks change continuously, and manual reviews cannot keep pace with dependency updates and configuration drift.
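The core comparison described above, matching what is installed against a vulnerability database and reporting component, severity and fix, can be sketched as follows. This is an added example, not code from any particular scanner; the package names, versions and `EXAMPLE-` advisory IDs are constructed, and versions are assumed to be plain dotted numbers.

```python
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # placeholder IDs, not real CVE numbers
    package: str
    introduced: str    # first affected version (inclusive)
    fixed: str         # first patched version (exclusive upper bound)
    severity: str

def parse_version(text):
    """Turn '2.10.1' into (2, 10, 1) so 2.10 sorts after 2.9."""
    return tuple(int(part) for part in text.split("."))

def scan(inventory, advisories):
    """Compare installed versions against advisory ranges; return findings."""
    findings = []
    for adv in advisories:
        installed = inventory.get(adv.package)
        if installed is None:
            continue  # component not present, nothing to report
        if parse_version(adv.introduced) <= parse_version(installed) < parse_version(adv.fixed):
            findings.append({
                "component": adv.package,
                "installed": installed,
                "advisory": adv.advisory_id,
                "severity": adv.severity,
                "fix": f"upgrade {adv.package} to {adv.fixed} or later",
            })
    # Highest severity first so remediation starts with the worst exposure.
    return sorted(findings, key=lambda f: -SEVERITY_RANK[f["severity"]])

def gate(findings, fail_at="high"):
    """CI/CD gate: return 1 (fail the build) if any finding meets the threshold."""
    return int(any(SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[fail_at] for f in findings))

# Constructed sample data: package names, versions and advisory IDs are made up.
INVENTORY = {"examplelib": "2.9.3", "demo-http": "1.4.0", "sample-yaml": "5.1.0"}
ADVISORIES = [
    Advisory("EXAMPLE-0001", "examplelib", "2.0.0", "2.10.0", "medium"),
    Advisory("EXAMPLE-0002", "demo-http", "1.4.0", "1.4.2", "critical"),
    Advisory("EXAMPLE-0003", "sample-yaml", "4.0.0", "5.1.0", "high"),  # already patched
    Advisory("EXAMPLE-0004", "not-installed", "0.1.0", "9.9.9", "critical"),
]

if __name__ == "__main__":
    results = scan(INVENTORY, ADVISORIES)
    for finding in results:
        print(finding)
    raise SystemExit(gate(results))
```

Comparing versions as integer tuples matters here: a plain string comparison would rank `2.9.3` above `2.10.0` and miss the first finding.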