Self-hosted · Air-gap ready · Zero trust

Compliance that runs on your infrastructure

Automated assessments, risk quantification, and incident response for SOC 2, ISO 27001, and CMMC. Deploy with Docker in minutes.

  • SOC 2 Type II: 61 controls
  • ISO/IEC 27001:2022: 93 controls
  • CMMC Level 2: 110 controls
  • NIST CSF 2.0: 83 controls
  • HIPAA Security Rule: 25 controls
  • PCI DSS v4.0.1: 63 controls
  • GDPR: 30 controls

Everything you need for continuous compliance

30 integrated modules covering the full GRC lifecycle.

Automated Assessments

AI-powered control evaluation with Steampipe cloud queries. Assess SOC 2, ISO 27001, CMMC, NIST CSF 2.0, HIPAA, PCI DSS 4.0.1, and GDPR from one platform.

Incident Response

NIST 800-61 compliant workflow with SLA tracking, automated OPA playbooks, and regulatory breach notification.

Risk Quantification

FAIR methodology with Monte Carlo simulation. KRI monitoring with configurable thresholds and trend analysis.

Policy Management

Administrative policy lifecycle with review tracking, approval workflows, and OPA Rego policy linking.

Vendor Risk (A2A)

Agent-to-Agent attestation protocol for automated vendor compliance data exchange. SOC 2 and ISO 27001 report ingestion.

Tamper-Evident Audit Log

SHA-256 hash chain with cryptographic integrity verification. Every action recorded and verifiable.

Simple, transparent pricing

Self-hosted on your infrastructure. No data leaves your network.

Trial

Free · 30 days
Full platform for a month. No credit card.
  • Up to 5 users
  • All 7 frameworks
  • AI-powered assessments
  • Risk quantification (FAIR)
  • Incident response workflows
  • PDF, XLSX, HTML reports

Starter

$499/mo
Self-serve for teams running their first audit.
  • Up to 25 users
  • All 7 frameworks
  • Steampipe cloud queries
  • Policy management
  • Tamper-evident audit log
  • Email support

Sovereign

$150k+/yr
Self-hosted & air-gapped for regulated buyers.
  • Unlimited users
  • Self-host in your VPC or SCIF
  • Local vLLM — no cloud LLM dependency
  • FedRAMP Ready / IL5 / GovCloud path
  • BCM / disaster recovery
  • Dedicated CSM + custom SLA

Get your free 30-day trial key

Enter your email to receive a license key. No credit card required. Deploy on your own infrastructure in minutes.

Deploy in minutes

Docker Compose stack with PostgreSQL, Redis, OPA, and Steampipe included. The installer handles everything.

# One-line install — pulls pre-built images, generates secrets,
# starts the stack, and runs database migrations automatically.
curl -sSL https://get.defendflow.xyz | bash

# Works on Linux, macOS (Docker Desktop), and any OCI host.
# No source code download required — images ship from ghcr.io.

Step 1

Install

One command clones the repo, checks prerequisites, generates secrets and TLS certs, starts all containers.

Step 2

Activate

Paste your trial or purchased license key in Settings.

Step 3

Assess

Create your first assessment and connect cloud providers.