FAQs

What is Smithy?

Smithy is a developer-first product security platform that orchestrates security tools, automates triage, accelerates compliance, and integrates seamlessly into development workflows — on-premise or cloud.

How is Smithy different from traditional platforms?

Smithy offers on-premise deployment, adds support for new tools within days, prioritises real findings without developer disruption, generates fixes, synchronises security findings state between platforms and orchestrates security actions — not just vulnerability reporting.

Can Smithy integrate with our existing security tools?

Yes, Smithy is tool-agnostic. It can easily integrates with scanners, cloud security tools, SAST, DAST, SCA, and internal systems.

Does Smithy support on-premise deployments?

Yes, Smithy’s Enterprise Tier supports full on-premise deployment with dedicated support.

How does Smithy reduce security triage noise?

Smithy prioritises only vulnerabilities that are reachable, exploitable, and impact your environment. As a result it cuts noise by up to 90%.

How does Smithy accelerate compliance evidence gathering?

Smithy automates evidence collection and maps controls to standards like SOC 2, ISO 27001, and NIST 800-53, delivering audit-ready reports. The team developing Smithy also supports openCRE.org. We know how to treat regulation.

Who should use Smithy?

Enterprise
Are you in a regulated space? Do you have strict compliance requirements? Then Smithy is for you!
Smithy is perfect for teams needing a DevSecOps function out of the box.
Smithy works great for medium and large enterprises needing on-prem orchestration and low noise triaging with audit logs of every action to match.

Small/medium companies companies
Are you looking to secure your infrastructure while you're scaling without a dedicated security team?
We also have something for you.
Check out our open source, or our free and small tiers to ensure you grow your product securely from the start.

How fast can we deploy Smithy?

Cloud setups are ready in hours; on-premise deployments typically complete within 1–2 weeks.

What support does Smithy offer?

Standard SaaS support, plus Enterprise Support including a dedicated engineer and quarterly reviews.

How do we see a demo?

Request a Demo to see Smithy’s real-world security triage and automation capabilities live.