Web Site Vulnerability Scanner

Our security scare has me concerned.

How do CS-Cart know when we are under possible attack ?

Are they continually testing default carts for vulnerabilities

or do they rely on people reporting vulnerabilities ?

While on the subject. Is there a free scanner that I can point

at my web site ?