open source DevSecOps platform

Scan your delivery stack, your way.

runtz brings SCA, SAST, host, container, and Kubernetes scanning into one workflow. Start with a personal cloud workspace or run the full open source stack in your own infrastructure.

Start for freePlaygroundSee pricing
workspace/default

Platform / Overview

Visão geral

Scans e vulnerabilidades em todos os assets.

33

Assets

150

Scans

158

Vulnerabilidades

39

Críticas/Altas

Evolução de vulnerabilidades

runtz is an open source DevSecOps scan surface with a managed cloud path for teams that need shared reports without giving up a self-hosted option.

platform

One scan surface, multiple security workflows.

Available scan types stay honest. DAST stays marked as roadmap until the implementation is real.

SCA

Dependency advisories for npm projects, collected from the CLI and reviewed by workspace.

Container scanning

Read package inventories from Debian and Ubuntu based images before they move forward.

Host scanning

Inspect dpkg-based Linux hosts and root filesystems with the same ingest model.

SAST

Scan source files for high-signal static findings and send them to the same dashboard.

DAST

Planned runtime checks for application targets and evidence-led triage.

Kubernetes scanning

Use kubectl against connected clusters and report workload, exposure, and RBAC posture findings.

try it locally

Bring up the full platform with Docker Compose or Kubernetes.

Run the backend, frontend, and MongoDB locally, or deploy the same stack into a Kubernetes namespace. Then use the CLI to send scan results into the dashboard by workspace.

$ curl -fsSL https://runtz.dev/home/docker-compose.yml -o docker-compose.yml
docker compose up -d

Open source core.

Free self-hosted runtime for teams that want to inspect the product, extend it, and keep data in their own environment.

01

CLI

Collect scan data from dependencies, source code, hosts, images, and connected Kubernetes clusters.

02

Backend

Normalize findings through workspace-aware ingest APIs.

03

Dashboard

Review CVEs, advisories, findings, package context, and scan history.

04

Roadmap

DAST remains the next planned scan family.

scan matrix

Available today, clear about what comes next.

The public site should sell the direction without lying about maturity. SCA, SAST, host, container, and Kubernetes are live. DAST is roadmap.

Start free. Upgrade when your team needs managed security workflows.

Start for freePlaygroundCompare plans

Go CLI

Scanner commands for SCA, SAST, host, container, and Kubernetes workflows.

Go backend

Auth, setup, workspaces, users, ingest, and scan APIs.

Next.js UI

Dashboard and settings shell for operators and engineering teams.