Elastic’s Cloud Native Vulnerability Management (CNVM) feature helps you identify known vulnerabilities in your cloud workloads.

Setup uses infrastructure as code. For instructions, refer to Get started with Cloud Native Vulnerability Management.

How CNVM worksedit

During setup, you will use an infrastructure as code provisioning template to create a new virtual machine (VM) in the cloud region you wish to scan. This VM installs Elastic Agent and the Cloud Native Vulnerability Management (CNVM) integration, and conducts all vulnerability scanning.

The CNVM integration uses Trivy, a comprehensive open-source security scanner, to scan cloud workloads and identify security vulnerabilities. During each scan, the VM running the integration takes a snapshot of all cloud workloads in its region using the snapshot APIs of the cloud service provider, and analyzes them for vulnerabilities using Trivy. Therefore, scanning does not use resources on the VMs being scanned. All resource usage occurs on the VM installed during CNVM setup.

The scanning process begins immediately upon deployment, then repeats every twenty-four hours. After each scan, the integration sends the discovered vulnerabilities to Elasticsearch, where they appear in the Vulnerabilities tab of the Findings page.