Security
Built for private networks and sensitive infrastructure evidence.
Infrastructure inventories, source credentials, and dependency maps are sensitive. VeridataOps keeps tenant context scoped and avoids exposing customer-side systems directly to the internet.
Start with tenant boundaries, secret handling, collector access, and release evidence instead of a generic intro call.
[Diagram labels: Scope, Coverage, Gaps, Owners, Action]
[Diagram labels: Customer network, Collector, SaaS control plane, Scoped jobs, Secret runtime, Vault, Tenant workspace, Reviewed results]
Security Model
Why security reviewers should care
Customer-side collectors poll the SaaS control plane for scoped work, run near private systems, and return compressed results outbound. Scheduled jobs still work without opening inbound firewall access, while tenant context, credentials, review state, and destination writes stay separated. The hardening roadmap now tracks tenant baselines, release evidence, security headers, CSRF, audit exports, and PCI/ISO/GxP-ready operating controls as explicit work items.
Encrypted evidence storage
Vault transit can protect tenant payloads and source evidence before database persistence, with stronger token lifecycle and decrypt auditability on the roadmap.
Tenant security controls
Tenant context, RBAC, MFA/passkeys, scoped API tokens, support access, collector state, and retention policy are treated as auditable security boundaries.
Secure release evidence
Component pipelines and release gates are being shaped around dependency, secret, SAST, container, authenticated DAST, provenance, and customer-safe evidence bundles.
Review gates
Dry-run previews, CSRF-protected browser mutations, conflict handling, destination authority policies, and optional approval workflows reduce accidental writes.
Compliance support
Supports ISO/FIPS/PCI-compliant deployments when the hosting stack, tenant policy, evidence retention, encryption boundary, and operating controls are configured for that audited scope.
Assurance Map
Security assurance starts with coverage you can prove
Product controls, source coverage, ownership, and review evidence work together when customers ask what is protected.
[Diagram labels: Scope, Coverage, Gaps, Owners, Action]