Pennyworth continuously monitors your fleet and cross-references each detected vulnerability with real exposure signals (EPSS, the CISA KEV catalog, actual presence on your systems) to help you prioritize remediation.

The Community Edition runs on your own infrastructure — no inventory data ever leaves it. Cloud runs the exact same engine, hosted and maintained by us.
No — inventory, collectors and vulnerability sources are unlimited. Cloud adds hosting, high availability and SSO.
A shared account, preloaded with a sample fleet, no sign-up required. It's reset every 24 hours.
MITRE CVE, EPSS, the CISA KEV catalog, and bulletins (CERT-FR, BSI…) — synced then recomputed in a pipeline.
Via satellites (SSH collection per site) or agents installed directly on the machine.