What does HackerNews think of osquery?

SQL powered operating system instrumentation, monitoring, and analytics.

Language: C++

#125 in Hacktoberfest
#10 in Monitoring
#38 in Security
#25 in SQL

Co-creator here. The rest of the team is also here, watching and ready to join (:

We made Mana for individuals to keep macOS and installed apps updated. It warns users about a new vulnerability within minutes after it appears on the Internet, so they can quickly patch it. Mana also shows patch velocity by the “Mean Time To Remediate” metric. This way, our app helps to keep computers updated and improves vulnerability management as a process.

We wrote the app in Electron; its code is open-source and available on GitHub [1]. It relies on osquery [2] to check versions of the installed software. It compares current versions against a local vulnerability database downloaded from the backend. This way, sensitive data is only processed on the user side. The backend creates the database by collecting info about new vulnerabilities from CVE, Security Advisories, Release Notes, etc.

The community version is free for 10 essential apps, including Google Chrome, Mozilla Firefox, Safari, Tor Browser, Opera, Zoom, 1Password, Mozilla Thunderbird, Adobe Acrobat Reader DC, and macOS itself. The paid subscription covers 100+ apps (for now).

We are very far from where we want to be, from many points of view. There are many plans and ways to evolve, and we hope to use this opportunity to collect feedback and discuss relevant topics with the community.

Happy to answer any questions or comments! You can also send us an email at HN [at] manasecurity.com.

[1] https://github.com/manasecurity/mana-security-app

[2] https://github.com/osquery/osquery
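The local matching described in the comment above (installed versions from osquery checked against a downloaded database, with nothing leaving the machine) can be sketched as follows. This is an added example, not code from the Mana app or from osquery: the database shape, the advisory ids, the function names and every sample value are assumptions constructed for illustration; only the `apps` table and its columns are osquery's own.

```javascript
// Query a client would run locally, e.g. osqueryi --json "<query>".
// `apps` is osquery's macOS table of installed application bundles.
const OSQUERY_SQL =
  "SELECT name, bundle_identifier, bundle_short_version FROM apps;";

// Constructed sample of the JSON rows osquery returns (all values are strings).
const sampleRows = [
  { name: "Google Chrome.app", bundle_identifier: "com.google.Chrome", bundle_short_version: "100.0.10.60" },
  { name: "zoom.us.app", bundle_identifier: "us.zoom.xos", bundle_short_version: "5.10.1" },
  { name: "Firefox.app", bundle_identifier: "org.mozilla.firefox", bundle_short_version: "99.0b3" },
];

// Constructed local vulnerability database (hypothetical shape, placeholder ids).
const sampleVulnDb = {
  "com.google.Chrome": [{ id: "EXAMPLE-0001", fixedIn: "100.0.10.75" }],
  "us.zoom.xos": [{ id: "EXAMPLE-0002", fixedIn: "5.9.6" }],
  "org.mozilla.firefox": [{ id: "EXAMPLE-0003", fixedIn: "99.0" }],
};

// Compare dotted versions numerically. A plain string comparison would rank
// "5.10.1" below "5.9.6". Returns null when a segment is not purely numeric,
// so odd version strings are surfaced instead of guessed at.
function compareVersions(a, b) {
  const pa = a.split("."), pb = b.split(".");
  if (![...pa, ...pb].every((s) => /^\d+$/.test(s))) return null;
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = Number(pa[i] || 0) - Number(pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Match installed apps against the local database, entirely on the client.
function findOutdated(rows, db) {
  const findings = [];
  for (const row of rows) {
    for (const adv of db[row.bundle_identifier] || []) {
      const cmp = compareVersions(row.bundle_short_version, adv.fixedIn);
      if (cmp === null) {
        findings.push({ app: row.name, advisory: adv.id, status: "unparsed" });
      } else if (cmp < 0) {
        findings.push({ app: row.name, advisory: adv.id, status: "vulnerable" });
      }
    }
  }
  return findings;
}
```

On the sample data only Chrome is reported as vulnerable; Zoom is correctly treated as newer than its fixed version, and the Firefox beta string is flagged for review rather than silently passed.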

I've been using osquery (https://github.com/osquery/osquery) for a while. It is neat and I can appreciate the idea of 'exposing OS interfaces as databases'.