Digi ConnectCore Security Services provide advanced CVE (Common Vulnerabilities and Exposures) analysis and monitoring to help you identify, assess, and remediate security risks in your firmware at every stage of the product lifecycle.
By continuously monitoring your firmware and SBOM (Software Bill of Materials), you can ensure your devices remain protected against newly discovered vulnerabilities, whether your firmware is still in development or already deployed in the field.
Why analyze and monitor a CVE?
-
Proactive security: Detect vulnerabilities early and address them before they impact your devices.
-
Continuous protection: Monitor released firmware for new threats that may emerge after deployment.
-
Actionable reports: Receive curated vulnerability reports with clear remediation guidance.
-
Flexible integration: Choose the workflow that best fits your development and deployment process.
CVE scanning workflows
You can integrate CVE scanning in two main scenarios:
-
Scan released or deployed firmware images to detect new vulnerabilities that may arise. This workflow uses Digi Remote Manager to upload firmware and SBOM packages, perform CVE scans, and review detailed security reports. Use this method if you want to monitor firmware that is already released or deployed on devices.
-
Analyze development firmware (CI/CD).
Integrate SBOM scanning and CVE reporting directly into your Yocto build process for continuous security monitoring and early remediation. This workflow automates SBOM generation, scanning, and report retrieval as part of your CI/CD pipeline, without manual uploads or web interface interaction. Use this method if you want to catch and fix vulnerabilities early as part of your development and integration process.
