Security

Built for private networks and sensitive infrastructure evidence.

Infrastructure inventories, source credentials, and dependency maps are sensitive. VeridataOps keeps tenant context scoped and avoids exposing customer-side systems directly to the internet.

Start with tenant boundaries, secret handling, collector access, and release evidence instead of a generic intro call.

Coverage matrix showing protected, missing, and attention-needed assets.
Customer network Collector
SaaS control plane Scoped jobs
Secret runtime Vault
Tenant workspace Reviewed results

Security Model

Why security reviewers should care

Customer-side collectors poll the SaaS control plane for scoped work, run near private systems, and return compressed results outbound. Scheduled jobs still work without opening inbound firewall access, while tenant context, credentials, review state, and destination writes stay separated. The hardening roadmap now tracks tenant baselines, release evidence, security headers, CSRF, audit exports, and PCI/ISO/GxP-ready operating controls as explicit work items.

Encrypted evidence storage Vault transit can protect tenant payloads and source evidence before database persistence, with stronger token lifecycle and decrypt auditability on the roadmap.
Tenant security controls Tenant context, RBAC, MFA/passkeys, scoped API tokens, support access, collector state, and retention policy are treated as auditable security boundaries.
Secure release evidence Component pipelines and release gates are being shaped around dependency, secret, SAST, container, authenticated DAST, provenance, and customer-safe evidence bundles.
Review gates Dry-run previews, CSRF-protected browser mutations, conflict handling, destination authority policies, and optional approval workflows reduce accidental writes.
Compliance support Supports ISO/FIPS/PCI-compliant deployments when the hosting stack, tenant policy, evidence retention, encryption boundary, and operating controls are configured for that audited scope.

Assurance Map

Security assurance starts with coverage you can prove

Product controls, source coverage, ownership, and review evidence work together when customers ask what is protected.

Coverage matrix showing protected, missing, and attention-needed assets.
Platform Review the operating model
Data Packs Browse integration categories
Workbench See builders and explorer
Contact Send a message