Frequently Asked Questions
Find answers to common questions about Transom's security scanning platform
What is Transom?
Transom is a modern vulnerability scanning platform that helps you identify security issues in your container images and Git repositories. It uses multiple scanning engines (Trivy and Grype) to provide comprehensive security analysis.
How do I get started?
Sign in with your Google account, then navigate to the Scans page to create your first scan. You can scan container images or Git repositories by providing the image name or repository URL.
What can I scan?
You can scan container images (e.g., "postgres:latest", "nginx:alpine") and Git repositories (e.g., "https://github.com/user/repo"). The platform currently supports public repositories and images only. Each scan generates both vulnerability reports and SBOMs (Software Bill of Materials).
How long do scans take?
Scan duration depends on the size and complexity of the target. Container images typically take 1-5 minutes, while Git repositories may take 2-10 minutes depending on the codebase size.
What scanning engines do you use?
Transom uses two industry-leading scanners: Trivy for comprehensive vulnerability detection and Grype for additional coverage. For SBOM generation, we use Syft and Trivy to create detailed software component inventories.
What types of vulnerabilities do you detect?
We detect Common Vulnerabilities and Exposures (CVEs), misconfigurations, and security issues in dependencies. Results are categorized by severity: Critical, High, Medium, and Low.
Do you generate SBOMs?
Yes! Transom can generate Software Bill of Materials (SBOMs) for all scanned targets. SBOMs provide a detailed inventory of all software components and dependencies, helping you understand your software supply chain and identify potential security risks.
Can I compare scan results?
Yes! Use the Compare feature to analyze differences between scans. This is useful for tracking security improvements over time or comparing different versions of the same target.
Are there scan limits?
Yes, to ensure fair usage: 10 scans per hour and 25 scans per day per user. You can track your usage on the Dashboard page.
What happens if I reach my limit?
You'll receive an error message when trying to create new scans. Limits reset automatically - hourly limits reset every hour, daily limits reset at midnight UTC.
How do I check my scan usage?
Visit your Dashboard to see the Scan Limit Tracker widget, which shows your current usage, remaining scans, and historical statistics.
Is my data secure?
Yes, we take security seriously. All data is encrypted in transit and at rest. We only store scan results and metadata - no source code is permanently stored.
How long do you keep scan results?
Scan results are retained for analysis and comparison purposes. Old results (older than 7 days) may be overwritten by new scans of the same target.
Can I delete my data?
Currently, scan results are automatically managed by the system. Contact support if you need specific data removal requests.
My scan failed. What should I do?
Check that the target URL or image name is correct and accessible.
Why don't I see any vulnerabilities?
This could mean your target is secure, or the scanners couldn't access certain dependencies. Try scanning a known vulnerable image like "vulnerables/web-dvwa" to test the system.
How do I interpret scan results?
Results show vulnerability severity, affected packages, and remediation advice. Critical and High severity issues should be addressed immediately, while Medium and Low issues can be prioritized based on your security requirements.
Where can I get help?
Check the Documentation page for detailed guides, or visit the About page to learn more about Transom's features and capabilities.
How do I report bugs?
If you encounter issues, please provide details about the error, your target, and steps to reproduce. This helps us resolve issues quickly.
Can I request new features?
Absolutely! We welcome feature requests and feedback. Let us know what would make Transom more useful for your security scanning needs.