“Let's build an open-source vulnerability scanner together! 2 weeks ago hundreds of you all participated in a discussion on what features a vulnerability scanner needs.”

Hundreds of security practitioners shaped Sirius Scan's direction from day one through open community discussions.

“I think I may do a poll on most request features based on this thread. It looks like API extensibility is coming in at the top — module coverage and risk adjustment based on asset tagging.”

From scan profiles to environment views, every major feature started as a community request.

“Ok, wish list: 1) Import multiple vuln DBs... Not only the CVE one. 2) Adding more intelligence when fingerprinting. 3) Validation of vulns. 4) Graphic patterns...”

An open wish list lets everyone vote on priorities. The most-requested capabilities shape the roadmap.

“If you want to make it actionable at large scale, integration with an asset inventory is a must. And allow access to results based on that. Inventory data can be assigned through an API.”

Enterprise users requested CMDB integration to connect vulnerability data with asset management workflows.

“This week's topic will be on scanning agents! Agent AND scan-based, because I can't put agents on everything. Reasonable costs to deploy small and large. Remote engines. A solid API.”

Ongoing conversations about scanning strategies and security operations keep the community engaged.

“Tell me how effective I am at remediation. Ideally from the data the vulnerability was published but you could also take the data from the first scan.”

Collaborative assessment of remediation strategies helps teams move from discovery to action.

“I'll second the backdooring cleverness. They're all terrible at that. Agent AND scan-based, because I can't put agents on everything.”

The agent architecture was designed with direct community input — lightweight, deployable agents that report host-level telemetry.