# VULNRΞPO — Privacy-First Vuln Report Manager (Ollama)

> VULNRΞPO is a client-side vulnerability report manager: it encrypts data in-browser, supports imports/exports, and can use local Ollama for AI writing.

## Install

Save the content below to `.claude/skills/` or append to your `CLAUDE.md`:

## Quick Use

```bash
# quickest trial
docker run -p 8080:80 kac89/vulnrepo
# open: http://localhost:8080
```

## Intro

- **Best for:** Security pros who want local-first, encrypted report workflows (no default backend)
- **Works with:** Modern browsers (IndexedDB); optional local Ollama for AI writing; Docker image for quick trial (per README)
- **Setup time:** 3–10 minutes

## Practical Notes

- GitHub: 555 stars · 118 forks; pushed 2026-05-11 (verified via GitHub API).
- README security model: PBKDF2-SHA-256 with 600,000 iterations + AES-256-GCM; key kept in-memory only.
- README notes Angular 21 and a Docker image (`kac89/vulnrepo`) for a one-command local run.

## Main

A good way to adopt VULNRΞPO:

1. Use it as your **single source of truth** for issues, templates, and exports; treat your scanner outputs as inputs.
2. For collaboration, prefer **encrypted HTML exports** or portable encrypted exports, then share via your normal channels.
3. If you enable AI assistance, keep it local: the README documents an Ollama integration and notes that no data is sent to cloud services in that mode.
4. For teams that need centralized storage, consider the optional backend path—just treat it as an integration, not a requirement.

The main benefit is reduced “report friction”: templates + imports + exports in one place, while keeping encryption and storage local by default.

### FAQ

**Q: Does it require a backend?**
A: No. README says data is encrypted and stored locally in your browser by default; backend is optional.

**Q: Can I use AI without sending data to cloud?**
A: README documents using local Ollama for AI-assisted writing.

**Q: What import formats are supported?**
A: README lists many sources (Burp, Nessus, Nmap, ZAP, Semgrep, Trivy, and more).

## Source & Thanks

> Source: https://github.com/kac89/vulnrepo
> License: Apache-2.0
> GitHub stars: 555 · forks: 118

---

Source: https://tokrepo.com/en/workflows/vulnr-po-privacy-first-vuln-report-manager-ollama
Author: AI Open Source
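
The security model listed under Practical Notes (PBKDF2-SHA-256 with 600,000 iterations, AES-256-GCM, key held in memory only) can be reproduced with the WebCrypto API, shown here as an added example that is not VULNRΞPO's own code. The function names, the 16-byte salt, the 12-byte IV and the `salt || iv || ciphertext` layout are assumptions made for illustration.

```javascript
// Added illustration; not VULNRΞPO source code.
// Assumed (not from the README): 16-byte salt, 12-byte IV, salt||iv||ciphertext layout.
const ITERATIONS = 600000; // iteration count stated on the page

async function getCrypto() {
  // Browsers and recent Node expose WebCrypto globally; older Node via node:crypto.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

async function deriveKey(password, salt) {
  const { subtle } = await getCrypto();
  const material = await subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  // extractable=false: the AES key is usable in memory but cannot be exported.
  return subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

async function encryptReport(password, report) {
  const c = await getCrypto();
  const salt = c.getRandomValues(new Uint8Array(16));
  const iv = c.getRandomValues(new Uint8Array(12)); // fresh IV for every encryption
  const key = await deriveKey(password, salt);
  const ct = new Uint8Array(await c.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(JSON.stringify(report))));
  const blob = new Uint8Array(28 + ct.length);
  blob.set(salt, 0);
  blob.set(iv, 16);
  blob.set(ct, 28); // ciphertext includes the 16-byte GCM tag
  return blob;
}

async function decryptReport(password, blob) {
  const c = await getCrypto();
  const key = await deriveKey(password, blob.slice(0, 16));
  try {
    const pt = await c.subtle.decrypt(
      { name: 'AES-GCM', iv: blob.slice(16, 28) }, key, blob.slice(28));
    return JSON.parse(new TextDecoder().decode(pt));
  } catch {
    // GCM tag check failed: wrong password or modified ciphertext.
    return null;
  }
}
```

Because GCM authenticates the ciphertext, a wrong password and a tampered export are indistinguishable to the caller: both fail the tag check and yield `null` rather than garbage plaintext.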