Platform architecture overview

The Cyber Risk Intelligence Platform is designed as a tenant-isolated operational system where ingestion, scoring, lifecycle management, and reporting all produce auditable evidence rather than ad hoc dashboard state.

For: CISOs, enterprise architects, procurement reviewers, and technical security leads assessing platform maturity.

Last updated: 28 April 2026

Tenant isolation boundary

Every request is evaluated in tenant context before data is read or mutated. Data access paths are scoped so one workspace cannot query, infer, or overwrite another workspace's records. Cross-tenant joins are not part of the runtime model.

Ingestion and processing flow

Ingestion accepts structured security outputs and maps them into normalized assessment records. Findings are classified, linked to assets, and prepared for lifecycle orchestration. Input handling enforces schema and boundary checks before records are accepted.

Operationally, ingestion is a controlled pipeline: submit, validate, normalize, and finalize. Finalization is treated as a policy gate to prevent unverified or malformed data from contaminating long-term evidence records.

Scoring and posture pipeline

Scoring is a deterministic pipeline that combines severity with operational context, recurrence behavior, and verification state. The resulting posture is intended to reflect live risk movement, not only static CVSS bins.

Snapshot and publication model

Board packs and generated reports are emitted as immutable snapshots. This preserves governance integrity by ensuring published evidence cannot be silently rewritten after decision-making has occurred.

Why this matters: procurement and audit stakeholders need confidence that historical records remain defensible even as live vulnerability state changes after publication.

Audit and evidence lineage

Sensitive operations are represented as append-only audit events. This allows teams to reconstruct who changed what, when, and under which tenant context across ingestion, triage, verification, and publication workflows.
