Security Posture Dashboard for Cockpit (Updates, Vulnerabilities, Compliance)

[avula-sudheer]

Description:

System administrators often need a quick overview of a host’s security posture, such as pending security updates, known software vulnerabilities, and compliance with security hardening benchmarks. Today these typically require running multiple tools separately.

I’m exploring a Cockpit module that brings these signals together in a single UI with three views:

• Security Updates – pending vendor security patches via native package managers
• Vulnerability Scan – on-demand scan of installed packages using existing tools
• Compliance Scan – configuration compliance checks using OpenSCAP profiles

The goal is to provide a simple security posture overview directly in Cockpit, while relying on existing system tools and keeping scans on-demand.

I have built an experimental prototype module here:

https://github.com/gen-y-labs/cockpit-security/tree/feature/security

Before continuing further development, I would appreciate feedback from the Cockpit maintainers on:

• Whether this concept aligns with Cockpit’s scope
• Whether it would be better maintained as an external plugin/module
• Any architectural or UX guidance for integrating with Cockpit

Happy to iterate based on feedback.