Curating security tools

Hexagon shape

Building workflows

Finding vulnerabilities

Generating capacity for your team

Hexagon shape

Without any code

Meet Smithy, the one-stop platform that makes your security tools work harder so your security team can work smarter.

Boost your efficiency and automate security workflows, with zero code, with the Smithy Platform.

Our cutting-edge workflow platform seamlessly integrates with your existing application security tools. You can enrich and streamline your data, and identify and resolve potential security vulnerabilities with ease. With Smithy, you're not just saving time, you're optimising your end-to-end security process.

Product image Product image
Smithy shapes ornament

Smithy gives security
teams more capacity

Curate tools

Identify, curate, and implement the right toolset.

We have selected and rigorously tested an array of security tools from open source and commercial operations, so that security teams can deploy the right protection for their specific code.

Capacity

Bring focus and capacity back to your team.

Our platform is built for high-performance. Automatic workflows, powerful integrations, and actionable insights create more time for your team to focus on the important things. It’s streamlined, efficient, and boosts the capacity of your team.

Secure

On-premises or in the cloud.

Choose whether Smithy runs on your cluster or in the cloud.
All we need is a Kubernetes namespace and a PostgreSQL Database.

Workflows

Create custom workflows that take away your busy work.

We’ve put in the time to build connections between each security tool so that teams can build their own tool sets interactively by dragging and dropping tools.

Simplified

Remove every barrier.

Smithy is a tool to remove barriers. Powerful yet simple to use, it helps you to plan ahead, make better decisions and execute faster. You don’t have to come up with best practices for how to use Smithy — we already built them directly into the product.

See the product demo today

Interested in maximising your security with ease? Secure your demo now to see how Smithy saves time and enhances protection.

View Demo

We are Open-Core

We are the only security workflows engine with a growing community of dedicated contributors. Our open core allows stakeholders to have complete transparency on approach and security. We don't gather "analytics", we don't use your data for machine learning. We don't maintain relationships via vendor lock-in. If you need to offboard from Smithy-Pro, you can do so, seamlessly. Smithy-Pro is fully compatible with Open-Smithy. Have a look at the open source version of Smithy

View the Project on GitHub

DevSecOps explorer

Do you want to visualise your DevSecOps process? Have a look at the new tool explorer.

Explore
Explorer screenshot
explorer screenshot

Our Integrations

Build the perfect set of tools for the task at hand, speed up
your tasks, and leave the heavy lifting to us.

See all integrations
Source
wget wget
Producer
Tfsec Tfsec
Producer
Black duck Black duck
Producer
Docker-Trivy Docker-Trivy
Enricher
Deduplication Deduplication
Consumer
MongoDB MongoDB
Source
GitHub GitHub
Producer
GoSec GoSec
Producer
AWS S3 AWS S3
Enricher
Standards Standards
Producer
Python bandit Python bandit
Source
Dependency Dependency
Producer
Yarn audit Yarn audit
Producer
Checkmarx Checkmarx
Producer
Dependency Track Dependency Track
Enricher
Policy Policy
Consumer
GitHub GitHub
Enricher
Training Training

Built by security experts,
for security experts.

The smithy platform is intuitive, powerful, and developer friendly. It was built to save time & make securing data incredibly easy.

Read the Docs
Workflows listing screenshot
Workflows listing screenshot

Sign up to our newsletter

We send infrequent emails to announce
features, specific use cases and white papers with new research.