Curating security tools

Hexagon shape

Building workflows

Finding vulnerabilities

Generating capacity for your team

Hexagon shape

Without any code

Meet Smithy, the one-stop platform that makes your security tools work harder so your security team can work smarter.

Boost your efficiency and automate security workflows, with zero code, with the Smithy Platform.

Our cutting-edge workflow platform seamlessly integrates with your existing application security tools. You can enrich and streamline your data, and identify and resolve potential security vulnerabilities with ease. With Smithy, you're not just saving time, you're optimising your end-to-end security process.

Product image Product image
Smithy shapes ornament

Smithy gives security
teams more capacity

Use Cases

Home Thumbnail Image

Bring focus and capacity back to your team.

Helping developers implement security fixes, fast — with minimal feature disruption. Dramatically reduce Mean-time-to-remediation.

 Home Thumbnail Image

DevSecOps function in a box.

For small teams in highly secure environments, Smithy as a complete DevSecOps function

 Home Thumbnail Image

Identify, curate, and implement the right toolset.

We have selected and rigorously tested an array of security tools from open source and commercial operations, so that security teams can deploy the right protection for their specific code.

 Home Thumbnail Image

On-premises or in the cloud.

Choose whether Smithy runs on your cluster or in the cloud. All we need is a Kubernetes namespace and a PostgreSQL Database.

 Home Thumbnail Image

Remove every barrier.

Automate security triage across tools — cut noise from tooling and focus on what matters.

 Home Thumbnail Image

Streamlined compliance at enterprise scale.

Continuous compliance across all your tools - fully auditable, always ready.

See the product demo today

Interested in maximising your security with ease? Secure your demo now to see how Smithy saves time and enhances protection.

View Demo

We are Open-Core

We are the only security workflows engine with a growing community of dedicated contributors. Our open core allows stakeholders to have complete transparency on approach and security. We don't gather "analytics", we don't use your data for machine learning. We don't maintain relationships via vendor lock-in. If you need to offboard from Smithy-Pro, you can do so, seamlessly. Smithy-Pro is fully compatible with Open-Smithy. Have a look at the open source version of Smithy

View the Project on GitHub

DevSecOps explorer

Do you want to visualise your DevSecOps process? Have a look at the new tool explorer.

Explore
Explorer screenshot
explorer screenshot

Our Integrations

Build the perfect set of tools for the task at hand, speed up
your tasks, and leave the heavy lifting to us.

See all integrations
Source
wget wget
Producer
Tfsec Tfsec
Producer
Black duck Black duck
Producer
Docker-Trivy Docker-Trivy
Enricher
Deduplication Deduplication
Consumer
MongoDB MongoDB
Source
GitHub GitHub
Producer
GoSec GoSec
Producer
AWS S3 AWS S3
Enricher
Standards Standards
Producer
Python bandit Python bandit
Source
Dependency Dependency
Producer
Yarn audit Yarn audit
Producer
Checkmarx Checkmarx
Producer
Dependency Track Dependency Track
Enricher
Policy Policy
Consumer
GitHub GitHub
Enricher
Training Training

Built by security experts,
for security experts.

The smithy platform is intuitive, powerful, and developer friendly. It was built to save time & make securing data incredibly easy.

Read the Docs
Workflows listing screenshot
Workflows listing screenshot

Sign up to our newsletter

We send infrequent emails to announce
features, specific use cases and white papers with new research.