Turbo Scan

Turbo Scan is a powerful feature that allows you to generate a Software Bill of Materials (SBOM) for your applications and analyze them for vulnerabilities.

This section provides detailed information on how to use the turbo scan command-line tool and the Turbo.net Scan web service.

Getting Started

If you're new to SBOMs and vulnerability management, we recommend starting with our concepts section for the foundational knowledge.

For hands-on guidance, see our Getting Started Guide.

Key Features

  • SBOM Generation: Create comprehensive SBOMs in CycloneDX format.
  • Vulnerability Analysis: Upload your SBOM to turbo.net/scan to receive a detailed vulnerability report.
  • Seamless Integration: Integrates with your existing Turbo workflows.

Data Sources

Our vulnerability analysis combines information from multiple industry-standard databases to provide the most comprehensive results. We aggregate data from:

  • Common Vulnerabilities and Exposures (CVE): A dictionary of publicly known information-security vulnerabilities and exposures. Each vulnerability is assigned a unique CVE identifier.
  • National Vulnerability Database (NVD): The U.S. government repository of standards-based vulnerability management data. The NVD enriches CVE data with additional analysis, including CVSS scores.
  • Vendor-Specific Databases: Specialized databases from major software vendors, providing detailed information about their products.

Understanding the Results

Our vulnerability reports use the Common Vulnerability Scoring System (CVSS), an open standard for assessing the severity of computer system security vulnerabilities.

CVSS Severity Levels

The CVSS score is translated into qualitative severity levels to help you prioritize remediation efforts. Our reports highlight Critical and High severity vulnerabilities, which should be addressed with urgency.

  • Critical (9.0-10.0): Represents the most severe vulnerabilities, which can be exploited easily and result in significant consequences.
  • High (7.0-8.9): Indicates vulnerabilities that are more difficult to exploit but can still lead to significant data loss or system compromise.
  • Medium (4.0-6.9): Vulnerabilities that require more specific conditions to be exploited.
  • Low (0.1-3.9): Vulnerabilities with minimal impact.
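
As an added example (not Turbo's own code or report format), the following Python applies the bands above to the `vulnerabilities` array of a CycloneDX JSON document, keeping the highest score when an entry carries several ratings and sorting Critical and High findings first. It assumes findings are available in that CycloneDX structure; the sample document, its ids and component names are constructed.

```python
import json

# CVSS qualitative bands as listed on this page: (inclusive floor, name).
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]

def severity(score):
    """Map a CVSS base score to a band; missing or out-of-range is Unscored."""
    if score is None or not 0.0 <= score <= 10.0:
        return "Unscored"
    for floor, name in BANDS:
        if score >= floor:
            return name
    return "None"  # CVSS rates a score of exactly 0.0 as "None"

def triage(bom):
    """Return findings worst-first, resolving affected bom-refs to name@version."""
    names = {c["bom-ref"]: f'{c["name"]}@{c.get("version", "?")}'
             for c in bom.get("components", []) if "bom-ref" in c}
    findings = []
    for v in bom.get("vulnerabilities", []):
        # One entry may carry several ratings (e.g. NVD and vendor); keep the worst.
        scores = [r["score"] for r in v.get("ratings", [])
                  if isinstance(r.get("score"), (int, float))]
        score = max(scores) if scores else None
        affected = [names.get(a["ref"], a["ref"])
                    for a in v.get("affects", []) if a.get("ref")]
        findings.append({"id": v.get("id"), "score": score,
                         "severity": severity(score), "affects": affected})
    # Unscored entries sort last so they are reviewed, not silently dropped.
    findings.sort(key=lambda f: -1.0 if f["score"] is None else f["score"], reverse=True)
    return findings

def urgent(findings):
    """Critical and High findings, the ones the report highlights."""
    return [f for f in findings if f["severity"] in ("Critical", "High")]

# Constructed sample; ids and components are placeholders, not real advisories.
SAMPLE = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5",
 "components": [{"bom-ref": "pkg-a", "name": "example-lib", "version": "1.2.0"},
                {"bom-ref": "pkg-b", "name": "example-tool", "version": "0.9"}],
 "vulnerabilities": [
  {"id": "EXAMPLE-0001", "ratings": [{"score": 5.3}, {"score": 9.8}], "affects": [{"ref": "pkg-a"}]},
  {"id": "EXAMPLE-0002", "ratings": [{"score": 7.0}], "affects": [{"ref": "pkg-b"}]},
  {"id": "EXAMPLE-0003", "ratings": [{"severity": "medium"}], "affects": [{"ref": "pkg-b"}]},
  {"id": "EXAMPLE-0004", "ratings": [{"score": 3.9}], "affects": [{"ref": "pkg-x"}]}]}
""")

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f'{f["severity"]:9} {f["score"]} {f["id"]} {", ".join(f["affects"])}')
```

An entry with no numeric score, or one whose `affects` reference matches no component, stays in the output so it can be checked by hand.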

Remediation

Turbo provides powerful tools to help you remediate identified vulnerabilities:

  • Automated Patching: Turbo can automatically apply security patches to your applications, ensuring that they are always up-to-date and protected against known vulnerabilities.
  • Containerization and Isolation: By containerizing your applications, you can isolate them from the underlying operating system and other applications. This limits the potential impact of a vulnerability and prevents it from spreading to other parts of your system.