Desktop Vulnerability Scanner for Veeam Backups
vScan is a desktop application that scans Veeam Backup & Replication restore points for known vulnerabilities. It mounts VM backups via Veeam's Data Integration API on a remote Linux server, scans them using industry-standard tools (Trivy, Grype, or Jadi), and tracks vulnerability lifecycle over time.
- Single & Batch Scanning Scan one VM or multiple VMs in parallel with configurable concurrency
- Scheduled Scans Cron-based scheduling with timezone support and automatic catch-up
- Three Scanners Trivy (Linux/containers), Grype (multi-language/SBOM), and Jadi (Windows/.NET)
- Vulnerability Lifecycle Track open, fixed, won't fix, accepted, and false positive statuses with detection history
- Point-in-Time Comparison Compare vulnerability state between restore points or scanners
- CISA KEV Integration Automatic flagging of Known Exploited Vulnerabilities with 24h sync
- PDF & CSV Reports Executive summary and technical reports with custom branding (logo, company name, colors)
- Dashboard Real-time severity trends, most vulnerable servers, KEV alerts, and scan statistics
- Security Master password with Argon2id + AES-256-GCM, biometric unlock (Touch ID / Windows Hello), auto-lock
- Email & Desktop Notifications SMTP alerts and native OS notifications for scan events
- System Tray Background operation with tray icon, quick access menu, and notification badges
- Scanner Management Install, update, and uninstall scanners directly from the UI with SHA-256 verification
More screenshots
| Scan Wizard | Scan Results |
|---|---|
 |
 |
| Vulnerabilities | Vulnerability Details |
|---|---|
 |
 |
| Batch Scanning | Batch Progress |
|---|---|
 |
 |
| Scheduled Scans | Point-in-Time Comparison |
|---|---|
 |
 |
| Settings | Security |
|---|---|
 |
 |
| Report Branding | KEV Catalog |
|---|---|
 |
 |
| macOS | Windows | |
|---|---|---|
| Minimum version | 13.0 (Ventura) | 10 (1803+) |
| Verified | Ventura 13, Sonoma 14, Sequoia 15, Tahoe 26 | Windows 10, 11, Server 2019/2022/2025 |
| Architecture | Apple Silicon (arm64) | x86_64 |
| Installer | .dmg |
NSIS .exe |
| Biometrics | Touch ID, Face ID | Windows Hello |
| Credential store | macOS Keychain | Windows Credential Manager |
- Veeam Backup & Replication v13 or later with REST API enabled (port 9419)
- At least one VM backup with a restore point
- Rocky Linux 9+ with SSH enabled
- Minimum specs: 2 CPU cores, 4 GB RAM, 20 GB free disk space
- Required packages (auto-installed by vScan): FUSE, NTFS-3G
- Scanners (auto-installed by vScan): Trivy, Grype, and/or Jadi
| Platform | Status |
|---|---|
| VMware vSphere | Supported |
| Microsoft Hyper-V | Supported |
| VMware Cloud Director | Supported |
| Nutanix AHV | Supported |
| Proxmox VE | Supported |
| oVirt KVM / OLVM / RHV | Supported |
| Scale Computing HyperCore | Supported |
| HPE Morpheus VM Essentials | Supported |
| AWS EC2 | Supported |
| Microsoft Azure VMs | Supported |
| Google Cloud Instances | Supported |
| Kasten Policies | Supported |
| Veeam Agent for Windows | Supported |
| Veeam Agent for Linux | Supported |
| Veeam Agent for Mac | Supported |
| Veeam Agent for Oracle Solaris | Supported |
| Veeam Agent for IBM AIX | Supported |
Download the latest release for your operating system:
| Platform | Download |
|---|---|
| Windows (x64) | vScan-Setup.exe |
| macOS (Apple Silicon) | vScan.dmg |
- Install vScan on your workstation
- Set Master Password on first launch and save your recovery key securely
- Connect to VBR Enter your Veeam Backup server address and credentials
- Add Linux Scanner Provide SSH access to your Linux server (vScan auto-installs scanners)
- Select a VM Choose from your Veeam backup inventory
- Pick a Restore Point Select which backup snapshot to scan
- Scan vScan mounts the backup, runs the scanner, and shows results
See the Getting Started Guide for detailed instructions.
- Mount vScan uses the Veeam Data Integration API to publish a restore point on the Linux scanner server
- Scan Trivy, Grype, or Jadi scans the mounted filesystem for known vulnerabilities (CVEs)
- Track Results are stored locally with lifecycle tracking (new, fixed, reopened)
- Report Generate PDF/CSV reports, compare restore points, track trends over time
| Language | Documents |
|---|---|
| English | Overview · Installation · Getting Started · User Guide · Scanners · FAQ |
| Español | Overview · Instalacion · Inicio Rapido · Guia de Usuario · Scanners · FAQ |
vScan encrypts all stored credentials with AES-256-GCM and derives encryption keys using Argon2id. Supports Touch ID and Windows Hello for quick unlock. All data stays local, no telemetry or external reporting.
For vulnerability reports, see SECURITY.md.
MIT License see LICENSE for details.
Marco Escobar mescobarcl
- Website: 24xsiempre.com
vScan is not affiliated with or endorsed by Veeam Software.