Resources

Everything you need to evaluate and deploy.

Guides, deployment docs, the agentic-AI explainer and answers to the questions security teams ask first.


Getting started

Stand up ASPM or the API Security platform with one Docker Compose stack — entirely offline.

Read the guide →

Architecture & deployment

Two separate stacks, zero egress, air-gap topology and hardware sizing.

View architecture →

Agentic AI explained

How the local-LLM agents threat-model, verify exploits and write fixes.

Learn the AI →

Compliance mapping

SOC 2, PCI DSS, HIPAA, NIST and GDPR — and SBOM export (CycloneDX/SPDX).

See mappings →

OWASP API Top 10

How discovery + the AI-assisted WAF cover BOLA, BFLA and mass assignment.

Explore coverage →

Trust & security

Our identity model, data handling and the zero-egress guarantee.

Read trust →

Frequently asked questions

Does any data leave my network?

No. Source code, scan traffic and AI inference all run on your hardware. There's no license phone-home and no telemetry — you can run it behind an outbound deny-all firewall.

Which AI model powers it?

A local LLM (DeepSeek) running on your own compute. The agentic engine uses it for threat modeling, exploit verification, triage and fix suggestions — with no per-token cloud bill.

Are ASPM and API Security one product?

No — they're two independent products with separate apps, separate data and separate logs. Run one, run both. They're licensed individually and never share a console or store.

Can I deploy fully air-gapped?

Yes. Models, scanners and templates ship with the install. Once deployed there are no outbound dependencies, so an isolated VLAN or air-gapped network works out of the box.

How is it deployed?

One Docker Compose stack per product — Postgres, a scanner pool, the local LLM and the app, all as containers you run and own. No SaaS account required.

What identity controls are included?

SSO/AD, RBAC, MFA/TOTP with backup codes, scoped API tokens, a configurable password policy and account lockout — all built in.

Trust & security

A security product should hold itself to the standard it enforces.

Zero egress

No outbound calls after install. Verifiable with a deny-all firewall rule.

You own the data

All findings, logs and models live on your infrastructure — never ours.

Hardened identity

MFA, RBAC, hashed API tokens, password policy and lockout by default.

Encryption at rest

Sensitive fields are encrypted; secrets are never stored in plaintext.

Full audit trail

Every privileged action is logged for evidence and incident review.

Compliance-aligned

Built to support SOC 2, PCI DSS, HIPAA, NIST and GDPR evidence.

Still have questions?

Our team will walk you through a deployment for your environment.