Deployment models
On-premises
Run CRYPTAGION inside your own environment — your servers, your network, your control.
Air-gapped
Fully offline runs are supported. The executive narrative falls back to a deterministic offline mode with no external call.
Local / CLI
Point the CLI at a repository, a certificate directory, or a TLS target. No agent to install across your fleet.
CI/CD (Platform tier)
A FastAPI service exposes the same capabilities for pipeline and SOAR/GRC integration.
What runs locally, and what leaves
- Local: source-code static analysis (AST / Semgrep), X.509 certificate parsing, live TLS handshakes.
- Local: the cryptographic inventory, risk scoring, CBOM and PDF generation.
- Optional only: the executive narrative may call an EU-sovereign LLM backend you choose — or run fully offline, with no external call at all.
- Never: your source code is not uploaded. Only aggregated findings are produced.
You are buying a deliverable and a method — not a data-exfiltration risk.
For your procurement file
The security posture document covers data handling, deployment, and reversibility in detail.
Download the CRYPTAGION security posture (PDF) →
· Responsible disclosure & security contact →