Introduce yourself
Say hello to the Product Hunt community
Start new thread
Sarath Kumar

Solo builder working on a patch monitoring tool — looking to learn from the community

by

Hi everyone 👋

I’m a patch and vulnerability management engineer by profession, and recently started building a small security tool based on real operational challenges I face in day-to-day work.

The main problem I’m exploring is how teams track security patches and CVEs across multiple sources without drowning in noise.

This is very early-stage and feedback-driven — I’m not here to launch or promote anything yet. My goal is to:

  • Learn how other builders approach similar problems

  • Exchange notes with people working in security, IT ops, or DevOps

  • Understand what actually works (and what doesn’t) in early-stage SaaS

If you’re building something in security, DevOps, or IT tooling — or have experience with patching and vulnerability workflows — I’d love to hear your perspective.

Looking forward to learning from the community here.

50 views

Add a comment

Replies

Best
Ashok Nayak

Welcome to Product Hunt, @sarath_kumar46

We currently use Trivy for automatic scanning of vulnerabilities at Devtron, and the CVE issues are listed to the user.

Would be know your progress...let's stay in touch.

Sarath Kumar

Thanks @ashok_nayak , appreciate the welcome 🙂

Interesting to hear about Devtron using Trivy and how you’re exposing CVEs to users. I’m still very early and mostly trying to understand where teams actually struggle day to day — whether it’s too much noise, lack of context, or just figuring out what to act on first.

Curious to hear from your experience:
how do users usually react to the volume of vulnerabilities, and what kind of feedback do you hear most around alert fatigue or prioritization?

Happy to stay in touch and exchange notes as I keep building.

Ashok Nayak
@sarath_kumar46 Yes, to answer your question, users are always like "why should I care about vulnerabilities, and if I should, then what do I do about it" That's it. We, as providers, then have to build solutions (like security policies) that help them act on the vulnerabilities. There's no noise, fatigue, or overload, there's just lack of actionable insights and knowledge among users.
Sarath Kumar

@ashok_nayak 

That makes a lot of sense — the “why should I care” and “what do I do next” gap is very real.

I like how you framed it as an actionability problem rather than noise. In my day-to-day work I’ve seen similar behavior — once users understand impact and next steps, the volume itself matters a lot less.

Curious how you approach that in practice at Devtron — is it more through policy defaults, opinionated guidance, or tying vulnerabilities directly to deployment decisions?

Thanks for sharing this perspective, it’s genuinely helpful.