Open-source platform

Know what is exposed.
Prove what is protected.
Act on what matters.

SecPlat brings security posture, threat signals, risk scoring, incident response, automation, and SOC 2 evidence into one open-source workspace.

Read-only connectorsSelf-hostableHuman-in-the-loop AI

Live Platform Snapshot

Connect a read-only GitHub token and get a SOC 2 evidence report in under a minute.

Live
LIVE SIMULATION

See it in action

This is what happens when you run a GitHub posture scan. Hit Run to watch.

secplat scan - zsh
HOW IT WORKS

From source data to useful evidence

Four understandable steps, one read-only connection. Click a step to explore the flow.

Connect GitHub

Connect an organisation with a read-only token. SecPlat cannot change repositories or settings.

Start from the platform
INTERACTIVE DEMO

Your SOC 2 report

A simple example of how technical checks become evidence a client, auditor, or teammate can understand.

SOC 2 Evidence Report

Generated from GitHub Posture Connector

FAIL

Control pass rate: 33% - 1 PASS / 2 NEED ACTION - downloadable PDF

Sign in to open reports
BUILT FOR

Useful at every level of the conversation

Start with the outcome you care about. The same platform can support leadership decisions, day-to-day security work, and technical evaluation.

Understand risk and build trust without adding more tools

Get a clear view of security gaps, ownership, and compliance evidence in one place. Start with a read-only GitHub scan, then grow into the wider security operations platform when you need it.

  • See the issues that matter most, not another list of raw alerts
  • Turn technical findings into downloadable SOC 2 evidence
  • Open source and self-hostable, with no platform lock-in
See the evidence experience
UNDER THE HOOD

Start focused. Expand when you need to.

SecPlat connects the core jobs of a modern security programme without forcing every team to use every module.

Alert Triage

Bring alerts into one queue and add AI-assisted context while keeping human review in the loop.

In platform

Risk Scoring

Rank findings by exploitability, business criticality, and current threat intelligence.

In platform

Attack Simulation

Validate controls with port scans, brute-force scenarios, and web tests in a safe sandbox.

In platform

Policy-as-Code

Define security rules as versioned YAML with approvals, evaluation history, and rollback.

In platform

ML Risk Engine

Learn from triage decisions, explain risk predictions, and monitor model drift over time.

In platform

Cyber Range

Run guided security drills that generate realistic signals and incidents inside the platform.

In platform

Ready to try it?

Connect a read-only GitHub token and get an auditor-ready SOC 2 report in under a minute. No infrastructure, no commitment.

Open source — read every lineSelf-hosted — your data stays with youRead-only connectors — cannot modify your repos

See whether SecPlat fits your next step

Evaluate the product, discuss a deployment, review the engineering, or collaborate on the open-source project. Start with whichever conversation matters to you.