Skip to main content

Trust

This page is for the person who has to approve running a third-party, closed-source tool on a private codebase: the security lead, the CISO, the reviewer who answers the procurement questionnaire. The claim you are being asked to sign off on is architectural, so here it is in plain words: the entire analysis runs on your machine. Your code is never uploaded, and it never enters a model. Everything below is the detail behind that sentence, with a way to verify each part yourself.

Where your code goes

Nowhere. Vulkro is a single binary; the detection engine and the CVE database ship inside it. A scan reads your files locally, analyzes them locally, and writes results locally (to your terminal, to ~/.vulkro/, or to the report file you asked for). There is no cloud analysis tier, no "deeper scan" that uploads code, and no model API call anywhere in the scan path.

You do not have to take that on faith. Pull the network cable and the scan still runs:

VULKRO_OFFLINE=1 vulkro scan .

VULKRO_OFFLINE=1 disables every outbound network call at the process boundary, so if the scanner needed your network to analyze your code, this command would fail. It does not. On Linux you can make the test stricter by running the scan inside a network namespace with no interfaces at all; the air-gap guide shows how.

What crosses the wire, exactly

Vulkro requires a verified account, and the account layer does make network calls. Here is the complete list of what they carry.

  • The usage heartbeat. Sent at most once a day, it contains exactly six fields: product, install id, version, operating system, timestamp, and a scan counter. The install id is a random identifier minted once at install time; it is not a hardware fingerprint.
  • Sign-in and the daily entitlement refresh. vulkro login and the once-a-day lease refresh carry a device token so the server can confirm your seat and return a signed lease. They never carry code, paths, or findings.
  • Downloads, not uploads. Installing the binary and running vulkro update fetch signed artifacts from our CDN. Nothing about your project is sent to request them.

What is never sent, from any code path in the product: your source code, your file paths, the contents of any finding, and machine identifiers such as the hardware fingerprint. There is no crash reporter and no feature-use analytics in the binary.

All of it can be turned off. VULKRO_OFFLINE=1 disables every outbound call, and air-gapped machines use a signed license file instead of the online sign-in, so they satisfy the account requirement with zero network access. The per-call breakdown lives in the privacy policy and the network reference.

Deterministic by design

There is no AI inside the scan. Findings come from program analysis (parsers, taint tracking, rule evaluation), not from sampling a model, so the same code produces the same verdict on every run.

That property is what makes the tool safe to put in charge of anything. A CI gate that flickers gets bypassed within a week; a deterministic gate can block a merge and be trusted to block the same merge tomorrow. For audits it means evidence is reproducible: anyone can rerun the scan on the same revision and get the same findings, which is what an assessor actually asks for. And because no model is involved, there is no prompt surface to inject, no model drift between runs, and no vendor inference endpoint with a copy of your code.

One command is the documented exception, and it is fenced off: vulkro triage, off by default, asks a model for an advisory second opinion on a scan's findings, through your own API key rather than any service of ours. Its verdicts are labelled advisory and never change the deterministic scan results. vulkro scan itself makes no model call under any flag. See vulkro triage.

Closed source, verifiable anyway

The detection engine is proprietary; it is the licensed product, and we do not publish it. We are not asking you to trust unreadable code on reputation, though. The things that let you verify the product are public.

The benchmark is reproducible. The ground-truth corpus, the harness, and the scoring code are published. The scored head-to-head covers 76 catalogued bugs in real projects; Vulkro finds 44 of them at 0.81 precision on the default high-confidence setting.

VulkroSemgrep CEBearer 2.0.2
Precision0.810.620.36
Recall0.580.200.49
F1 score0.680.300.41

Clone the corpus, run the same commands, get the same numbers. The benchmark methodology documents the scoring rules and the exact commands.

Every finding explains itself. Each finding carries a stable ID, and vulkro explain <ID> documents what the check looks for, why this instance fired, and how to fix it. You can audit the behaviour of every detector you encounter, in the product, before you trust its verdict.

The changelog is public. Every release documents what changed at vulkro.com/changelog, so the tool you approved does not drift silently.

The network claim is testable. The VULKRO_OFFLINE=1 test above is the blunt instrument: run it on a machine with no route out and watch the scan complete.

Account and licensing data

Scanning requires a verified account. Your first device sign-in starts a 14-day trial of the full product, and after the trial licenses are issued per seat, directly by our team; there is no self-serve checkout.

The account portal stores what a license needs and nothing from your codebase: your email address, license and seat records, the names of the devices you have signed in (you can rename or deauthorize them), and the usage counters from the heartbeat above. It cannot store code, paths, repository names, or findings, because the scanner never sends them. Air-gapped machines are licensed with a signed .lic file and never appear in the online device list at all. The full data-handling statement, including payment processing and retention, is in the privacy policy.

Security of Vulkro itself

A scanner runs with read access to your source, so its own supply chain has to hold up.

  • Signed releases. Every release from v0.16.0 onward ships a SHA-256 checksums manifest signed with cosign. One signature covers every platform binary and the release's SBOM, so a verified download is authentic, not just intact. The public key is published at https://dist.vulkro.com/cosign.pub:

    curl -fsSLO https://dist.vulkro.com/releases/v0.16.0/vulkro-0.16.0-mac-arm64.tar.gz
    curl -fsSLO https://dist.vulkro.com/releases/v0.16.0/SHA256SUMS
    curl -fsSLO https://dist.vulkro.com/releases/v0.16.0/SHA256SUMS.sig
    curl -fsSLO https://dist.vulkro.com/cosign.pub
    cosign verify-blob --key cosign.pub --signature SHA256SUMS.sig SHA256SUMS
    shasum -a 256 -c SHA256SUMS --ignore-missing
  • Signed CVE bundles. Every CVE bundle and rule pack is signed with Ed25519 and verified against public keys baked into the binary at build time. A bundle whose signature does not verify is refused; there is no trust-on-first-use fallback. See signing and trust roots.

  • A bill of materials for the scanner. Each release publishes a CycloneDX SBOM of the released binary itself, listing every third-party component compiled into it. It is generated deterministically and covered by the same signed manifest.

  • Reporting a vulnerability. If you find a security issue in Vulkro, email [email protected]. The coordinated-disclosure policy and our response commitment are on the security page, and the machine-readable contact is at /.well-known/security.txt.


See also: Security policy, Privacy policy, Benchmark, Air-gap install.