VMS: VULNERABILITY LIFECYCLE MANAGEMENT SYSTEM
Vulsphere is an enterprise-grade Vulnerability Lifecycle Management System (VMS) modeled after established products such as SynVM, with workflow orchestration, Nessus scan ingestion, and hardened access controls (RBAC, MFA, SSO/LDAP) built in.

What We Built
Vulsphere is a vulnerability lifecycle management platform for enterprise security teams. It handles the full remediation loop: asset management, test requests, automated Nessus scanning, confirmatory retesting, and multi-stage approvals.
Security teams at large organizations use it as a single source of truth for tracking vulnerabilities across their entire digital asset landscape.
Key Features
Identity & Access Management
- Role-based access control with custom permission levels
- MFA via email OTP and authenticator apps
- SSO and LDAP integration for enterprise identity providers
Scanning & Orchestration
- Ingests Nessus scan data (XML/CSV) and maps findings across sequential scans
- Full test request lifecycle: initial submission, approval workflow, and iterative confirmatory retests
- Exception handling for risk acceptances with full audit trails
Vulnerability Operations
- Create, edit, and track vulnerabilities with rich-text details and status transitions
- Built-in knowledge base of common CVEs and remediation steps
- Auto-generated PDF reports for initial and confirmatory tests
- Real-time dashboard with analytics for managers and CISOs
Administration
- Registry for applications undergoing security testing
- Asset tracking for IPs, servers, and URLs
- Dynamic form fields configurable without code changes
- Automated email alerts for requests, approvals, and report generation
Tech Stack
Frontend: Next.js 15, React 19, Redux Toolkit, TanStack Query, TanStack Table, Tailwind CSS v4, Shadcn/UI, Recharts
Backend: NestJS, MongoDB with Mongoose, Passport (JWT/Local), Bcrypt, Helmet, OTPLib
Tools: Docker, Winston/Pino logging, PDFMake, Pug, JSDOM
Hard Problems We Solved
Scan Comparison Logic We built a custom diff algorithm that parses large Nessus scan exports and automatically classifies each finding as New, Fixed, Remediated, or Reopened by comparing it against the baseline scan and the statuses recorded from earlier comparisons. This removes the manual scan-to-scan comparison step; analysts still review severity and false positives, but they no longer have to work out by hand which findings changed between runs.
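The following is an added example of how such a scan-to-scan diff can be structured; it is not Vulsphere's own code. It ingests the Nessus CSV export format (the page mentions XML and CSV ingestion; CSV is used here because it can be parsed without a library), keys each finding on plugin ID, host, port and protocol, and runs a small state machine across successive scans. The state names come from the page, but their exact transitions are assumptions: Open = still present, Fixed = absent in the latest scan, Remediated = absence confirmed by a further scan (the confirmatory retest), Reopened = present again after being Fixed or Remediated. The scan data is constructed for illustration.

```javascript
// Added example: Nessus CSV ingestion plus scan-to-scan state diffing.
// Not the project's code; state transitions are assumptions (see lead-in).

// Minimal RFC 4180 CSV parser: handles quoted fields, doubled quotes and
// embedded newlines, all of which appear in Nessus "Plugin Output" columns.
function parseCsv(text) {
  const rows = [];
  let row = [], field = '', inQuotes = false;
  for (let i = 0; i < text.length; i++) {
    const c = text[i];
    if (inQuotes) {
      if (c === '"') {
        if (text[i + 1] === '"') { field += '"'; i++; } else { inQuotes = false; }
      } else field += c;
    } else if (c === '"') inQuotes = true;
    else if (c === ',') { row.push(field); field = ''; }
    else if (c === '\n') { row.push(field); rows.push(row); row = []; field = ''; }
    else if (c !== '\r') field += c;
  }
  if (field.length || row.length) { row.push(field); rows.push(row); }
  return rows;
}

// Turn a Nessus CSV export into findings keyed by (plugin, host, port, protocol).
// Column names follow the default Nessus CSV export header.
function loadFindings(csvText) {
  const [header, ...rows] = parseCsv(csvText);
  const idx = Object.fromEntries(header.map((h, i) => [h, i]));
  const findings = new Map();
  for (const r of rows) {
    if (r.length < header.length) continue; // skip blank or truncated rows
    const f = {
      pluginId: r[idx['Plugin ID']], host: r[idx['Host']], port: r[idx['Port']],
      protocol: r[idx['Protocol']], risk: r[idx['Risk']], name: r[idx['Name']],
    };
    if (f.risk === 'None') continue; // informational plugins are not vulnerabilities
    findings.set(`${f.pluginId}|${f.host}|${f.port}|${f.protocol}`, f);
  }
  return findings;
}

// State machine per finding key. `tracked` holds the statuses from the previous
// comparison (empty for the baseline); `current` holds the latest scan's findings.
function diffScans(tracked, current) {
  const next = new Map();
  for (const key of current.keys()) {
    const prev = tracked.get(key);
    if (prev === undefined) next.set(key, 'New');
    else if (prev === 'Fixed' || prev === 'Remediated') next.set(key, 'Reopened');
    else next.set(key, 'Open');
  }
  for (const [key, prev] of tracked) {
    if (current.has(key)) continue;
    if (prev === 'Fixed' || prev === 'Remediated') next.set(key, 'Remediated');
    else next.set(key, 'Fixed');
  }
  return next;
}

// Constructed sample data (not real scan output): four scans of one host.
const HEADER = 'Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name,Synopsis,Description,Solution,See Also,Plugin Output';
const SSH = '10881,,,Medium,10.0.0.5,tcp,22,SSH Protocol Versions Supported,,,,,"line 1\nline 2"\n';
const SELF_SIGNED = '57582,,,High,10.0.0.5,tcp,443,SSL Self-Signed Certificate,,,,,""\n';
const INFO = '19506,,,None,10.0.0.5,tcp,0,Nessus Scan Information,,,,,""\n';
const WEAK_CIPHER = '42873,,,Medium,10.0.0.5,tcp,443,SSL Medium Strength Cipher Suites Supported,,,,,""\n';
const SCANS = [
  HEADER + '\n' + SSH + SELF_SIGNED + INFO,       // baseline
  HEADER + '\n' + SSH + WEAK_CIPHER,              // self-signed cert gone, new cipher issue
  HEADER + '\n' + SELF_SIGNED + WEAK_CIPHER,      // SSH gone, self-signed cert is back
  HEADER + '\n' + SELF_SIGNED + WEAK_CIPHER,      // confirmatory retest: SSH still gone
];

// Run the scans through the tracker in order; returns one status object per scan.
function runExample() {
  const history = [];
  let tracked = new Map();
  for (const csv of SCANS) {
    tracked = diffScans(tracked, loadFindings(csv));
    history.push(Object.fromEntries(tracked));
  }
  return history;
}
```

Keying on plugin ID plus host, port and protocol is what keeps the diff stable when the same plugin fires on several services of one host; keying on plugin ID alone would collapse those into a single finding and hide partial fixes.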
High-Fidelity PDF Reporting Clients needed downloadable reports that matched the web dashboard's rich text exactly, including tables and formatted remediation steps. We built a rendering pipeline using Pug templates and pdfmake with html-to-pdfmake to preserve Tiptap editor output in PDF.
Tamper-Resistant Deployment For on-premise deployments, we used javascript-obfuscator to protect the build and a custom licensing server that issues signed license tokens bound to a hardware fingerprint (MAC, IP, OS); the application verifies the signature and fingerprint at runtime. Note that no client-side check is tamper-proof against an operator with root on the host, who can patch the check or swap the embedded public key regardless of obfuscation; the combination raises the cost of unlicensed use rather than eliminating it.
Sample Report

