You need a continuous security feed against all of your SBOMs so you don’t get blindsided by vulnerabilities.
Vulnerabilities leave devices open to devastating cybersecurity attacks, making headlines across the globe time and time again. With 350+ new vulnerabilities per week and numbers increasing drastically for the past 5 years, you need a tool to manage the onslaught of new vulnerabilities, cut through the noise, and identify the most pressing threats so you can take action.
Looking for a tool that can alert you to important, relevant vulnerabilities in your product software?
Tired of chasing false positives and hunting for vulnerability fixes?
Trying to streamline your vulnerability management with a tool that adapts to your SDLC process?
Take advantage of our purpose-built vulnerability management tool, Vigiles.
For more than 20 years, Timesys has been the industry’s trusted partner for secure embedded software design and development. We provide device makers and system developers with tools and services to accelerate time to market of more secure products.
How It Works
Use Accurate Device Information
SBOM Generation and Integration
Vigiles supports all major Linux build system integrations including Yocto, Buildroot, PetaLinux, Wind River Linux, PTXdist, OpenWrt, and Timesys Factory for more accurate SBOM generation.
- Captures your kernel and U-Boot configuration for better mapping of package names to CVE naming, package version, and applied patches
- Automatic scan of your SBOM against our curated vulnerabilities database creates an immediate CVE report
- Manage software supply chain risks leveraging detailed SBOM
- Intuitively track and manage SBOMs across various products and releases, and import industry-standard SBOM formats such as CycloneDX, SPDX, and SPDX Lite

Start with a Better List of CVEs
Timesys Curated Database
Vigiles provides up to 40% accuracy improvement over the National Vulnerability Database (NVD) with Timesys’ curated CVE/CPE database.
- More accurate data: Timesys Vigiles team manually analyzes incorrect CVEs and updates in our system
- Optimized for embedded: intelligent curation algorithms for the Linux kernel and U-Boot run daily
- Get alerts earlier: we minimize reporting delays by up to four weeks by pulling data from multiple feeds
See Only Applicable CVEs
Your Build + Our Database =
Accurate Results
Vigiles only pulls the data for the CVEs that correspond to your SBOM, giving you a curated list to review.
- Drastically reduce your workload
- 85% fewer CVEs to analyze
- 95% fewer false positives

Filter the Shortlist Quickly
Identify Top Vulnerabilities Based on Your Risk Analysis
Powerful filters allow you to quickly identify the CVEs that you want to fix.
- Filter CVEs by: package affected, patch or fix availability, CVE severity, custom scoring, affected platforms, notes/comments, and kernel and U-Boot configuration options
- Identify CVEs you want to ignore by actively whitelisting
Keep Your Remediation Team in Sync
Document Your Decisions and Coordinate Responses
Streamline vulnerability management and mitigation with easy-to-use collaboration tools.
- Share manifests with other team members so they can add notes to CVEs, whitelist them, and more
- Connect Vigiles with Jira for seamless issue tracking
Stop Searching and Start Patching
See the Remediation Options with One Click
For every CVE found in your scanned SBOM, Vigiles will let you know if there is a fix and give you the patch, minimum version, and/or config option information needed to remediate the vulnerability.
- Easily identify remediation options with resources included in your report
- Make quick fixes with links to available patches, workarounds for remediation when a patch is not available, and links for recreating the CVE exploit for testing
Enjoy Easier Regulatory Compliance
Use Shareable Reports and
Diff-Like Comparisons Tools
Comparing reports and viewing report history enables you to more efficiently manage cybersecurity vulnerabilities affecting your product throughout its product lifecycle and comply with government and regulatory security standards.
- Track changes between releases and automatically create a summary report for release notes
- View side-by-side manifest comparison with searchable manifest and CVE sections
- Export your SBOM in SPDX or SPDX Lite file formats, both official international open standard for SBOMs
Keep Your Product Secure with Continuous Monitoring
Set up Your Security Feed and Alerts with Emailed Reports
Vigiles securely maintains current manifests of your products and continuously rescans and tracks vulnerabilities for all versions even after your product is released and in production.
- Stay on top of new vulnerabilities with periodic rescans and reports
- Keep your device secure in the field, for full product lifecycle
You Could Try Another Tool, But
Why Would You?
SCA Optimized for Embedded
build system integration, kernel/u-boot filters, and platform filters for 85% fewer CVEs to analyze

Superior Curated Data Accuracy
95% fewer false positives plus more coverage and earlier reporting

Fits into Software Development Life Cycle Workflow
CI/CD, Jira integration, APIs, team collaboration

Streamline Compliance
SBOM generation, license and vulnerability policy, and documentation

Efficient Triaging and Remediation
Email alerts, intelligent filtering, links to fixes

ROI in as Little as 3 Months
with time saved
Streamline Your Process with a Workflow Backbone that will Pay for Itself
Vigiles gives you the complete process to track, triage, remediate, and document CVEs affecting your device. With more accurate data and powerful filters, Vigiles pays for itself in time saved in as little as three months.
How much can Vigiles save you? Try out our ROI calculator here.
What Does Vigiles Cost?
Vigiles is offered in three versions: Free, Plus, and Prime. Vigiles Free offers basic CVE monitoring with alerts and reports, while Plus and Prime are annual subscription plans that include advanced, time-saving triage and remediation features.
Basic
$0 /year
Free, basic version providing CVE monitoring for a single SBOM. Includes alerts of new vulnerabilities, summaries of severities and status, and on-demand reports for your projects.
Prime
$14,900 /year
Unlimited SBOMs, plus collaboration tools for CVE triage and mitigation, advanced filtering, detailed notifications, advanced reporting tools, kernel patches for CVEs and fixed version notifications for OSS.
Enterprise
Contact Sales
All features of Prime with single-sign on support, group functionality for fine-grained project access, role-based access control, and hosting of Vigiles on-premises with remote CVE database updates.
READY TO GET STARTED WITH VIGILES?
Try Vigiles Prime for 30 Days for Free
Detect, filter, triage, and remediate vulnerabilities with the industry’s first Software Composition Analysis and CVE monitoring tool targeted at embedded Linux.
What You Get
Vigiles sets you up for success with everything you need to track, triage, remediate,
and document CVEs affecting your device, saving you time and money.

Vigiles Prime or Enterprise
Vigiles Prime offers powerful triage and collaboration tools, with patch notification and management features, enabling your team to rapidly prioritize, assess, and remediate security issues. Vigiles Enterprise brings the Vigiles experience on-premises with remote Timesys CVE Database updates, single sign-on integration, group functionality for project-specific access, and role-based access control..

Ten User Logins
Collaborate across your team for efficient vulnerability monitoring and management with ten user logins

CVE Triage Guide
Learn how to make the most of Vigiles’ triage features to pinpoint the vulnerabilities that apply to your products, prioritize them based on risk, and remediate the largest security threats

Quick Start Training
Use our Quick Start Training to see vulnerabilities for your project’s Software Bill of Materials (SBOM) in less than 30 minutes.

Easy Access to Support and Feature Request
Easily contact support to submit feedback or request features within Vigiles. Issues are typically addressed within 72 hours, and all Vigiles users benefit so feedback is encouraged.
WANT TO SEE IT IN ACTION AND ASK QUESTIONS?
Schedule a Demo for Your Use Case
Detect, filter, triage, and remediate vulnerabilities with the industry’s first Software Composition Analysis and CVE monitoring tool targeted at embedded Linux.
See the impact of Vigiles in action
Demo
Schedule a Demo of Timesys Vulnerability Monitoring
Request a personalized demo to see how Vigiles can save you time with a curated database of CVEs, powerful filtering, and on-demand reporting
Webinar
Software Security Management: Cutting through the vulnerability storm with Vigiles
Learn how to use Vigiles for automated security monitoring on your Linux BSPs, rapid security assessment and triage, and efficient security and vulnerability remediation.
Blog
Evaluating vulnerability tools for embedded Linux devices
How to choose the right vulnerability management tool to bring your security maintenance cost down while improving the security posture of the device