For example, when running a development instance of Fleet on an Apple MacBook Pro with 16 cores, matching 200k CPEs against the CVE database takes around 10 seconds and consumes about 3 GB of RAM.
CPU and memory usage comes in a burst once every hour (or at the configured periodicity) on the instance that does the processing. RAM spikes are expected not to exceed 2 GB.
By default, the software inventory feature is enabled and vulnerability checking is disabled. Both must be enabled to check for vulnerabilities.
You can check whether the software inventory feature is enabled by running the `fleetctl get config` command. If `enable_software_inventory` is set to `true` in the command's output, the software inventory feature is already enabled.
You'll need to restart the Fleet instances after changing these settings.
## Results
If enabled, Fleet will flag all software versions that have one or more detected CVEs in the software section of that host's **Host details** page.
In the software section, select the right-facing arrow to see the CVEs associated with a specific software version. The CVEs are also included in the response of the `GET api/v1/fleet/hosts/{id}` API route.
Vulnerability processing happens on the Fleet instance and not on the host machine. Because of this, detected vulnerabilities cannot be used in the same way you would use a query (e.g. you wouldn't be able to create a policy based on a detected CVE).
You can, however, use this information to create queries and base policies on them. For example, if you see that a vulnerable version of Figma is detected on a host, you can create a query that looks for that version of Figma:
Is Figma.app, version [vulnerable-version] installed?
`SELECT 1 FROM apps WHERE name = 'Figma.app' AND bundle_short_version = '[vulnerable-version]';`
Then you can use this query to create a policy to track your effort to patch all hosts with this version of Figma installed.
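As an added example (not from the Fleet docs), here is a policy form of the query above. A Fleet policy passes on every host where the query returns at least one row, so the check is inverted: the query returns a row only when none of the flagged Figma builds is installed, which makes "passing" mean "patched". The version strings are constructed placeholders; substitute the versions Fleet flagged on the Host details page.

```sql
-- Added example, not part of the original page.
-- Policy query for macOS hosts: passes (returns a row) only when no
-- vulnerable Figma build is present, so the policy's "failing" hosts are
-- exactly the ones still waiting for the patch.
-- '[vulnerable-version-1]' and '[vulnerable-version-2]' are placeholders;
-- replace them with the versions Fleet flagged.
SELECT 1
WHERE NOT EXISTS (
  SELECT 1
  FROM apps
  WHERE name = 'Figma.app'
    AND bundle_short_version IN (
      '[vulnerable-version-1]',
      '[vulnerable-version-2]'
    )
);
```

Save it as a policy scoped to macOS; the list of failing hosts then tracks the remaining patch work directly, and extra versions can be added to the `IN (...)` list as Fleet flags them.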