Can SecPortal be self-hosted or deployed on-prem?

Yes. SecPortal supports self-hosted and on-premises deployment for organisations with data residency, air-gapped, or regulatory requirements. Contact our team for deployment options and pricing.

How does SecPortal handle data security?

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We enforce row-level security so each workspace can only access its own data. Pro and Team plans include two-factor authentication (MFA) enforcement for your entire workspace. Every action is logged in an immutable audit trail.

Can business units and clients access the portal?

Yes. Each client or business unit gets access to your branded portal on your custom subdomain. They can view findings, track remediation progress, download reports, and manage their security posture independently.

How does AI work inside SecPortal?

AI is built into the workflow to speed up triage, reporting, remediation guidance, and engagement admin. It can create clients, set up engagements, log findings with CVSS scores, generate reports, and map findings to compliance frameworks. Everything the AI proposes is reviewable — nothing executes without your approval.

What compliance frameworks are supported?

SecPortal includes pre-built control templates for ISO 27001, SOC 2, Cyber Essentials, Cyber Essentials Plus, NIST, and PCI DSS. All findings and controls are mapped to framework requirements with exportable audit trail evidence.

Do you offer SSO and SAML?

Yes. Enterprise plans support SAML-based single sign-on with any identity provider. Pro, Team, and Enterprise plans include TOTP-based MFA with Google Authenticator, Authy, or 1Password.

Does SecPortal include built-in vulnerability scanning?

Yes. SecPortal runs native security scans, including external domain scanning (16 modules), authenticated web app testing (17 modules), and code scanning (SAST + SCA), all built into the platform. You can also import findings from Nessus, Burp Suite, and any CSV format. Schedule scans daily, weekly, or monthly for continuous monitoring.

Can I import results from other tools?

Yes. SecPortal accepts imports from Nessus, Burp Suite, and any CSV format. Use built-in scanning for new assessments and import historical results from the tools you already use — everything lives in one place.

Security platform

The operating system
for security work

Run assessments, findings, reports, remediation, compliance, and delivery in one place. Use built-in scanners and AI-powered workflows, or bring in results from the tools you already use. Deploy in our cloud or on your own infrastructure.

Start Free See Sample Report

Built-in scanning · SaaS or self-hosted · SSO/SAML · Full audit trail · Branded portal

app.secportal.io/dashboard

Dashboard

Business Units

Activity

External Scans

Auth Scans

Code Scans

AI Assistant

Team

Settings

Open Findings

Scans This Month

Compliance Controls

Engagements

Latest External ScanA

secportal.io

16/16 modules

Latest Code ScanC

secportal/backend-api

SAST + SCA8 medium3 low

Recent Activity

External scan completed: secportal.ioScore: 85

SQL Injection on Login EndpointCritical

Code scan: 8 vulnerabilities in secportal/backend-apiMedium

Scheduled scan: weekly on api.secportal.ioScheduled

White-labelled to your organisation. Available on your custom domain.

Built-in scanningAI-powered workflowsSaaS or self-hostedSSO / SAMLFull audit trailBranded portal

One place to run the full security workflow

From initial assessment through final delivery, SecPortal keeps your team in one platform.

Assess

Run external, authenticated, and code-based assessments in one platform, with built-in scanning and support for results from the tools you already use.

Decide

Triage findings, score risk, map to frameworks, and generate clear remediation guidance with AI-assisted workflows.

Deliver

Publish reports, share branded portals, track remediation, and provide audit-ready outputs for clients or internal stakeholders.

Built-in security scanning

Scan domains, web applications, and source code for vulnerabilities, all from the same platform you use to manage engagements and deliver reports.

External Scanning

16 automated modules scan your external attack surface: SSL, ports, subdomains, cloud exposure, and more.

Authenticated Scanning

17 security tests behind login pages: SQLi, XSS, IDOR, CSRF, broken access control, and more.

Code Scanning

SAST via Semgrep and SCA dependency auditing. Connect GitHub, GitLab, or Bitbucket in one click.

Attack Surface Management

Discover subdomains, detect cloud exposure, check for subdomain takeover, and fingerprint technologies.

Continuous Monitoring

Schedule daily, weekly, or monthly scans. Track trends, catch regressions, and maintain your posture.

Scanner Imports

Import findings from Nessus, Burp Suite, and CSV. Combine external tool results with built-in scans in one view.

AI built into the workflow

Use AI to speed up triage, reporting, summaries, remediation guidance, and engagement admin. Every action stays reviewable and under your control.

AI AssistantOnline

Create a client called Xygen Ltd with contact sarah@secportal.io and start a security assessment for them

I'll create the client and set up the engagement. Here's what I'll do:

ClientXygen Ltd (sarah@secportal.io)

EngagementSecurity Assessment

Apply

Dismiss

Applied

Done! Created Xygen Ltd and started a Security Assessment. Want me to add findings?

Yes, add a critical SQL injection on the login page

Logged the finding:

SQL Injection on Login PageCritical

CVSS 9.8 · AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Apply

Dismiss

AI proposes. You review and approve. SecPortal is the system of record.

Engagement & Client Setup

Creates clients, scopes engagements, assigns team members, and configures assessment types through natural language.

Finding Triage & Scoring

Logs findings with CVSS scores, triages by severity, flags false positives, and recommends prioritisation. You review before applying.

Report Generation

Generates executive summaries, technical breakdowns, and remediation roadmaps from your engagement data. Every output is editable.

Compliance Mapping

Maps findings to ISO 27001, SOC 2, Cyber Essentials, and other framework controls automatically.

Remediation Guidance

Recommends fixes prioritised by impact, tracks resolution progress, and verifies remediation completeness.

Workspace Administration

Schedules scans, manages team assignments, and handles routine admin tasks so your team focuses on security work.

One platform, many workflows

Whether you manage security across business units or deliver assessments to clients, SecPortal is the single place your team works from.

Internal Security Teams

Run vulnerability scans, manage findings and compliance controls across segregated business units, and produce audit-ready outputs — all in one workspace. Self-host to meet data residency requirements.

Cross-business-unit security management
AI-assisted triage, compliance summaries & remediation roadmaps
ISO 27001, SOC 2, Cyber Essentials & more
Full audit trail with CSV export for board reporting

Service Providers & Consultancies

Run scans for clients, deliver reports through branded portals, track remediation in real time, and manage invoicing — from solo consultants to multi-team firms and MSSPs.

Branded client portal on your custom subdomain
Integrated invoicing with Stripe payment collection
Client-facing remediation tracking & messaging
Multi-client engagement management across all assessment types

Pre-built for the assessments you run most

Start with pre-configured engagement types, or create custom ones to match your workflow.

Penetration Testing

Vulnerability Assessment

Cyber Essentials

Cyber Essentials Plus

ISO 27001 Audit

SOC 2 Assessment

Bug Bounty Program

Security Review

Incident Response

Explore SecPortal

All Features

Explore every feature of the platform

Solutions by Role

For consultants, firms, MSSPs, and more

Free Security Tools

CVSS calculator, SSL checker, and more

Blog & Guides

Security guides, templates, and insights

See how SecPortal fits your security workflow

Get started in under 2 minutes, or contact our team for enterprise and self-hosted options.

Start Free See Sample Report

We built SecPortal because every security team we worked with had the same problem: findings in spreadsheets, reports assembled manually, remediation tracked over email, and no single platform connecting it all. Whether you manage security across business units internally or deliver assessments to clients, the operational overhead is identical. SecPortal is the platform I wished existed.

Mert Satilmaz

Founder & Engineering Lead

Built by security professionals, for security professionals.

Simple, transparent pricing

Plans for every team size. Contact us for self-hosted and enterprise options.

Starter

Free

+ 4% on invoices paid through the portal

Get Started Free

3 clients or business units
1 team member
2 engagements per client
Up to 20 items
1 GB storage (+ $1/10 GB extra)
Report delivery & tracking
Invoicing & payments
3 one-time AI credits
Two-factor authentication (MFA)
Custom subdomain
Branding removal
Security Scanning
1 verified domain
2 external scans/month
6 core scan modules
Subdomain scanning
Authenticated scanning
Code scanning (SAST + SCA)
Continuous monitoring

Frequently asked questions

Everything you need to know before getting started.

Ready to get started?

Talk to our team about your security workflows and compliance needs, or get started immediately with a free workspace.

Start Free Contact Sales

Available as SaaS, self-hosted, or on-prem.

support@secportal.io Join our Discord

The operating systemfor security work