Every API request is scoped to a tenant via JWT claims. Database queries enforce tenantId on all resources.
Git credentials and integration tokens are encrypted at rest using AES-256. All traffic uses TLS 1.2+.
JWT access tokens (15 min) with refresh rotation. Enterprise SSO via OIDC (Okta, Azure AD) supported.
Deploy SecIQ in your preferred region. Scan artifacts stored in S3-compatible object storage with configurable retention.