In this article:
The SecurityScorecard platform did not show any findings for a CVE of my publicly exposed software or service.
There are two possible reasons why the platform did not detect a CVE for a Scorecards publicly facing software.
- Some software versions are not shared through Nmap scanning or through headers, so we are not always able to match against a known CVE.
- SecurityScorecard does not necessarily scan for every known software type. We do concentrate on the most commonly used software or services.
We recommend reviewing our beta feature called Internal Security Suite which gathers data through integrations with your own deployed security products.