Frequently Asked Questions

Find answers to the most common questions about SecurePulse

Basics

SecurePulse is a free CVE monitoring tool that automatically notifies you about new security vulnerabilities. It syncs regularly with the NIST National Vulnerability Database and alerts you via email, Telegram or webhook when new CVEs match your defined filters.

CVE stands for Common Vulnerabilities and Exposures. It is a standardized system for identifying and cataloging security vulnerabilities in software and hardware.

Each vulnerability receives a unique CVE-ID (e.g., CVE-2024-12345) and a CVSS score (0-10) indicating severity:

  • Low (0-3.9)
  • Medium (4.0-6.9)
  • High (7.0-8.9)
  • Critical (9.0-10)

Yes, SecurePulse is completely free. It is a private hobby project provided without warranty. You can create unlimited watchers and use all features without restrictions.

Watchers

After registration, click "New Watcher" in the dashboard. You can specify:

  • Name: Any name for your watcher
  • Vendor: The manufacturer (e.g., "microsoft", "apache") - optional
  • Product: The product (e.g., "windows_10", "log4j") - optional
  • Min. Severity: Only CVEs with at least this CVSS score

Tip: Leave Vendor or Product empty to monitor all CVEs for that criterion.
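
The filter semantics described above (optional vendor, optional product, minimum CVSS score) can be illustrated with the sketch below. It is an added example, not SecurePulse's own code: the Watcher class, the record layout and the sample CVE entries are assumptions made for illustration, and vendor/product names are read from CPE 2.3 strings.

```python
import re
from dataclasses import dataclass

@dataclass
class Watcher:
    """Hypothetical model of the form fields above (not SecurePulse's schema)."""
    name: str
    vendor: str = ""          # empty = any vendor
    product: str = ""         # empty = any product
    min_severity: float = 0.0

def severity_band(score: float) -> str:
    """CVSS bands exactly as listed in this FAQ."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"

def cpe_vendor_product(cpe: str) -> tuple:
    """Extract (vendor, product) from a CPE 2.3 formatted string."""
    parts = re.split(r"(?<!\\):", cpe)   # a backslash-escaped ':' stays inside its field
    if len(parts) < 5 or parts[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 string: {cpe!r}")
    return parts[3].lower(), parts[4].lower()

def matches(w: Watcher, cve: dict) -> bool:
    """True if the CVE meets the severity floor and any CPE fits the watcher."""
    if cve["cvss"] < w.min_severity:
        return False
    if not w.vendor and not w.product:
        return True                      # both empty: every CVE above the floor
    for cpe in cve.get("cpes", []):
        vendor, product = cpe_vendor_product(cpe)
        if w.vendor.lower() in ("", vendor) and w.product.lower() in ("", product):
            return True
    return False

# Constructed sample records (IDs and scores are made up for illustration).
SAMPLE_CVES = [
    {"id": "CVE-0000-0001", "cvss": 9.8, "cpes": ["cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*"]},
    {"id": "CVE-0000-0002", "cvss": 5.5, "cpes": ["cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]},
    {"id": "CVE-0000-0003", "cvss": 7.5, "cpes": []},   # no CPE data yet
]

def hits(w: Watcher) -> list:
    """IDs of the sample CVEs that the watcher would match."""
    return [c["id"] for c in SAMPLE_CVES if matches(w, c)]
```

A record without any CPE data only matches a watcher that leaves both Vendor and Product empty, which is why a vendor-specific watcher can miss freshly published entries.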

When creating a watcher, SecurePulse offers autocomplete suggestions. Simply start typing and you will see matching suggestions based on existing CVE entries.

Alternatively, you can search for known products in the CVE browser and check the vendor/product names used there.

Or use SBOM Import to automatically import all dependencies from your project.

SBOM (Software Bill of Materials) is a list of all components and dependencies in your software. With SBOM Import you can automatically create a watcher for all your dependencies.

Supported formats:

  • CycloneDX (JSON)
  • SPDX (JSON)

How to use:

  1. Go to Watchers and click "SBOM Import"
  2. Upload your SBOM file (drag & drop or select file)
  3. Review the detected components
  4. Configure watcher settings (name, severity, notifications)
  5. Click "Create Watcher"

Tip: You can generate SBOM files with tools like npm sbom, cyclonedx-cli, syft, or your CI/CD pipeline.
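
Before uploading, it helps to see which components an SBOM file actually declares. The following is an added example, not part of SecurePulse: it reads the standard CycloneDX and SPDX JSON fields and lists components, flagging those without a version. The two sample documents are constructed and trimmed to the fields the code reads.

```python
import json

def detect_format(doc: dict) -> str:
    """Identify the two supported SBOM formats by their marker fields."""
    if doc.get("bomFormat") == "CycloneDX":
        return "CycloneDX"
    if str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        return "SPDX"
    raise ValueError("not a CycloneDX or SPDX JSON document")

def cyclonedx_components(items):
    for c in items or []:
        yield c.get("name"), c.get("version"), c.get("purl")
        yield from cyclonedx_components(c.get("components"))  # nested sub-components

def spdx_components(packages):
    for p in packages or []:
        purl = next((r.get("referenceLocator") for r in p.get("externalRefs", [])
                     if r.get("referenceType") == "purl"), None)
        yield p.get("name"), p.get("versionInfo"), purl

def list_components(text: str):
    """Return (format, components, unversioned names) for a pre-upload review."""
    doc = json.loads(text)
    fmt = detect_format(doc)
    rows = (cyclonedx_components(doc.get("components")) if fmt == "CycloneDX"
            else spdx_components(doc.get("packages")))
    seen, components, unversioned = set(), [], []
    for name, version, purl in rows:
        if not name or (name, version) in seen:
            continue                      # skip unnamed entries and exact duplicates
        seen.add((name, version))
        components.append({"name": name, "version": version, "purl": purl})
        if not version:
            unversioned.append(name)      # cannot be tied to an affected version range
    return fmt, components, unversioned

# Constructed sample documents, trimmed to the fields read above.
SAMPLE_CYCLONEDX = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"type": "library", "name": "log4j-core", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
     "components": [{"type": "library", "name": "log4j-api", "version": "2.14.1"}]},
    {"type": "library", "name": "log4j-core", "version": "2.14.1"}]})  # duplicate entry
SAMPLE_SPDX = json.dumps({"spdxVersion": "SPDX-2.3", "packages": [
    {"name": "openssl", "versionInfo": "3.0.13", "externalRefs": [
        {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
         "referenceLocator": "pkg:generic/openssl@3.0.13"}]},
    {"name": "zlib"}]})                   # no versionInfo
```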

Security News & AI

SecurePulse aggregates security news hourly from trusted sources such as Heise Security, Bleeping Computer, The Hacker News and others.

The articles are automatically translated into German by AI and given relevance scores that show which news items are relevant to your watchers.

The AI Security Digest is an automatically generated summary of the most important security news. Claude AI analyzes all news items and creates:

  • Daily digest: Every day at 08:00
  • Weekly digest: Every Monday at 08:00

Each digest contains a summary, the most important reports by severity, the most frequently mentioned CVEs and trending topics.

You can find the digest under News → AI Overview or directly in the dashboard.

On every CVE detail page you can request an AI analysis. Claude AI explains the vulnerability in plain language and provides:

  • Plain-language explanation of the vulnerability
  • Affected systems and versions
  • Possible impact
  • Concrete recommended actions

The analysis is cached so that it is available immediately when requested again.

Notifications

SecurePulse offers multiple notification channels:

  • Email: Automatic email notifications
  • Telegram: Instant notifications via Telegram Bot
  • Webhooks: Integrate with Slack, Discord, etc.
  • RSS Feeds: Subscribe to your CVEs in any feed reader
  • In-App: Notifications directly in the dashboard

SecurePulse syncs CVE data hourly from NIST NVD and from MITRE cvelistV5. Vendor advisories (CSAF 2.0) are pulled every two hours. As soon as new entries match your watchers, you will receive a notification.

Vendor advisories are security notices that vendors like Red Hat or SICK publish themselves. SecurePulse ingests them in the CSAF 2.0 standard format — including affected products, CVSS scores, remediations and CVE cross-references.

They often appear hours to days before a matching CVE is fully indexed at NVD, and they carry vendor-confirmed version ranges. Your watchers match advisories the same way they match CVEs — by vendor, product and severity.

SecurePulse distinguishes between new CVEs and modified CVEs. You can configure which change types should trigger notifications:

  • 🚨 KEV - Added to CISA Known Exploited Vulnerabilities
  • 💥 Exploit - Public exploit or PoC available
  • ⬆️ Severity - CVSS score increased
  • 📈 EPSS - Exploitation probability score increased
  • 🏷️ CPE - New vendor/product added
  • 📝 Other - Description, references, or CWE changed

Configure these options when creating or editing a watcher under "Notification settings".

RSS feeds allow you to subscribe to your CVE notifications in any feed reader app.

How to set it up:

  1. Go to your Profile (click your name in the top right)
  2. Scroll down to the "RSS Feeds" section
  3. Copy the feed URL using the copy button
  4. Paste the URL in your RSS reader (e.g., Feedly, Inoreader, Thunderbird)

Tip: Each watcher also has its own RSS feed URL, which you can find when editing the watcher.

Data & Sources

SecurePulse combines three authoritative sources:

  • NIST NVD — the US National Vulnerability Database with over 200,000 documented CVEs, enriched with CPE and CVSS data.
  • MITRE cvelistV5 — MITRE publishes hourly delta releases with CVE records directly from the CNAs, often earlier than NVD.
  • CSAF 2.0 Vendor Advisories — structured security advisories from trusted providers such as Red Hat and SICK. Matches include affected products and remediations.

Yes, you can subscribe to RSS feeds for your watchers. These contain all matched CVEs and can be imported into any common feed reader or other tools. You can find the feed URLs in your profile settings.

In addition, the Export & Statistics section offers export options for CSV and PDF reports.

SecurePulse is a private hobby project by Ing. Andreas Juen (CodeX) from Landeck, Austria. The project was created out of a personal need to stay informed about security issues in the software one uses.

Not all CVEs from NVD contain vendor/product information. For these CVEs, we try to automatically determine this information:

  • (estimated) - Determined via CPE Guesser API based on the CVE description
  • (AI) - Determined by AI analysis when CPE Guesser found no match

These labels indicate that the vendor/product assignment was not officially confirmed by NVD and may be inaccurate.

API / Developers

SecurePulse provides a REST API for automating SBOM uploads from your CI/CD pipelines.

  • Endpoint: POST /api/sbom
  • Authentication: Bearer Token
  • Format: multipart/form-data

Getting Started in 3 steps:

  1. Generate an API token in your profile settings
  2. Create an SBOM file using tools like syft, cyclonedx-cli, or npm sbom
  3. Call the API with your token and SBOM file

Example:

curl -X POST https://your-domain.com/api/sbom \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -F "sbom_file=@sbom.json"

GitLab CI

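# .gitlab-ci.yml
upload_sbom:
  stage: deploy
  image: alpine:latest
  before_script:
    - apk add --no-cache curl
  script:
    # Literal block scalar: as a plain YAML scalar the command would fail to
    # parse because of the ": " inside the Authorization header.
    - |
      curl -X POST "$SECUREPULSE_URL/api/sbom" \
        -H "Authorization: Bearer $SECUREPULSE_TOKEN" \
        -F "sbom_file=@sbom.json"
  only:
    - main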

Add SECUREPULSE_URL and SECUREPULSE_TOKEN as CI/CD variables.

GitHub Actions

# .github/workflows/sbom.yml
name: Upload SBOM
on:
  push:
    branches: [main]

jobs:
  upload:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Upload SBOM to SecurePulse
        run: |
          curl -X POST ${{ secrets.SECUREPULSE_URL }}/api/sbom \
            -H "Authorization: Bearer ${{ secrets.SECUREPULSE_TOKEN }}" \
            -F "sbom_file=@sbom.json"

Add SECUREPULSE_URL and SECUREPULSE_TOKEN as repository secrets.
