OWASP Vulnerability Management Center

OWASP Vulnerability Management Center is a platform designed to make vulnerability governance easier for any security specialists and SOC teams within their organisations. VMC is a great partner in any vulnerability management process, allowing automation and making your life easier. You can integrate VMC with vulnerability scanners and platforms like TheHive. Additionally, VMC takes care of asset management integrating with Ralph, whole vulnerability reporting and dashboards (Kibana) for the clear overview. VMC allows you to focus on the most important vulnerability issues within your environment.

Value for business

Thanks to VMC you can focus on the most important assets from environment perspective given information about vulnerabilities and assets.

VMC can present important information in brief and compact way screen3



VMC also shows live updates regarding you environemnt. It guides your focus to specific threats and assets.



You can install VMC either on your machine or use elegant docker solution.



We’ve made separate repository with guides and documentation available here.


In simple words VMC requires data about detections from your scanner, information about assets and updates about CVE. Thanks to that VMC can live update your focus to the most emerging threats for your assets.


Source code in this repository is covered by one of three licenses:

  • the Apache License 2.0 https://www.apache.org/licenses/LICENSE-2.0
  • the Apache License 2.0 compatible license
  • the DSecure.me License. The default license throughout the repository is Apache License 2.0 unless the header specifies another license.

Try it

We encourage you to try our demo instance. You can get it from here Instruction how to use it is in the demo readme file


Please see our Code of conduct. We welcome your contributions. Please feel free to fork the code, play with it, make some patches and send us pull requests via issues.


Please open an issue on GitHub if you’d like to report a bug or request a feature.

If you need to contact the project team, send an email to [email protected]