Trusted feed sync
Synchronizes NVD, CISA KEV, OSV, Ubuntu, and Red Hat security data into a service owned by the customer.
Owned vulnerability intelligence
CT-CVE
A standalone vulnerability intelligence service that syncs trusted feeds, matches packages, and sends signed findings back to CT-Ops.
Product role
What it does
CT-CVE owns the vulnerability intelligence pipeline: source sync, advisory normalization, package matching, finding enrichment, policy decisions, and signed delivery back into operational workflows.
Capabilities
Built for owned infrastructure.
Package matching
Matches software inventory to advisories using controlled source policy and enrichment rules.
Clear boundary
Separates vulnerability intelligence processing from CT-Ops collection so product responsibilities stay explicit.
Signed findings
Returns signed finding batches for CT-Ops review, reporting, and operational follow-up.
Integration points
Fits the CarrTech operating model.
CT-Ops inventory snapshotsSigned finding batchesAir-gap feed import
Next step