Practical Notes
- GitHub: 555 stars · 118 forks; pushed 2026-05-11 (verified via GitHub API).
- README security model: PBKDF2-SHA-256 with 600,000 iterations + AES-256-GCM; key kept in-memory only.
- README notes Angular 21 and a Docker image (kac89/vulnrepo) for a one-command local run.
Main
A good way to adopt VULNRΞPO:
- Use it as your single source of truth for issues, templates, and exports; treat your scanner outputs as inputs.
- For collaboration, prefer encrypted HTML exports or portable encrypted exports, then share via your normal channels.
- If you enable AI assistance, keep it local: the README documents an Ollama integration and notes that no data is sent to cloud services in that mode.
- For teams that need centralized storage, consider the optional backend path—just treat it as an integration, not a requirement.
The main benefit is reduced “report friction”: templates + imports + exports in one place, while keeping encryption and storage local by default.
FAQ
Q: Does it require a backend? A: No. README says data is encrypted and stored locally in your browser by default; backend is optional.
Q: Can I use AI without sending data to cloud? A: README documents using local Ollama for AI-assisted writing.
Q: What import formats are supported? A: README lists many sources (Burp, Nessus, Nmap, ZAP, Semgrep, Trivy, and more).