FAQ

Smithy is a developer-first product security platform that orchestrates security tools, automates triage, accelerates compliance, and integrates seamlessly into development workflows — on-premise or cloud.

Smithy offers on-premise deployment, adds support for new tools within days, prioritises real findings without developer disruption, generates fixes, synchronises security findings state between platforms and orchestrates security actions — not just vulnerability reporting.

Yes, Smithy is tool-agnostic. It can easily integrates with scanners, cloud security tools, SAST, DAST, SCA, and internal systems.

Yes, Smithy’s Enterprise Tier supports full on-premise deployment with dedicated support.

Smithy prioritises only vulnerabilities that are reachable, exploitable, and impact your environment. As a result it cuts noise by up to 90%.

Enterprise
Are you in a regulated space? Do you have strict compliance requirements? Then Smithy is for you!
Smithy is perfect for teams needing a DevSecOps function out of the box.
Smithy works great for medium and large enterprises needing on-prem orchestration and low noise triaging with audit logs of every action to match.

Small/medium companies companies
Are you looking to secure your infrastructure while you're scaling without a dedicated security team?
We also have something for you.
Check out our open source, or our free and small tiers to ensure you grow your product securely from the start.

cloud setups are ready in hours; on-premise deployments typically complete within 1–2 weeks.

Standard SaaS support, plus Enterprise Support including a dedicated engineer and quarterly reviews.

Book a call with us to see Smithy’s real-world security triage and automation capabilities live.