Pilot it on your data
Connect one scanner and one CMDB. Watch the queue route itself in real time.
Product
A mobilization engine,
not another scanner.
ZeroInSec sits where your scanners stop and your tickets start. Four pillars handle the entire path from finding to fix — without leaving a single owner-less critical in the backlog.
Step 01 · Any source · zero duplicates
Ingest from every scanner, CMDB, and ticketing system you already run.
- Native connectors for Nessus, Tenable, Wiz, Snyk, Qualys, CrowdStrike, GitHub Advanced Security, ServiceNow CMDB, Jira, Datadog.
- Normalize to a single finding model — CVE, misconfiguration, identity risk, and exposed secret share one schema.
- Idempotent imports. Re-ingesting a 12k-finding scan does not produce 12k duplicates or 12k re-routes.
- CSV bulk-load fallback for legacy tools, with 40k-row safety limits and dry-run preview.
app.zeroinsec.com/ingest
screenshot · phase 5 capture pass
Source health · last sync · dedupe ratio · ingest throughput
Step 02 · The core engine
Mobilize findings through type-safe assignments, approval workflows, and predictive SLAs.
- Every assignment is a typed event, not a row in a spreadsheet — reroutes and overrides leave an audit trail.
- Approval workflows for risk-accept and false-positive decisions. Multi-level, role-aware, time-bounded.
- Predictive SLAs learn from your remediation cadence. Stop pretending every Critical is 14 days.
- Escalations triggered by SLA breach, owner inactivity, or business-context shift — not by cron.
Live status in your queue: Critical 12 High 48 Medium 213
app.zeroinsec.com/queue
screenshot · phase 5 capture pass
Assignment console · live queue · SLA forecast band · escalation triggers
Step 03 · Owner resolution
Smart routing via CMDB, Git CODEOWNERS, and asset hierarchy.
- Owner derived from your CMDB system-of-record, with Git CODEOWNERS as the second resolver for code-adjacent assets.
- Asset hierarchy traversal — if the leaf has no owner, walk the tree until you find one.
- Resolution under 30 seconds at p50 on a 40,000-asset inventory. We have measured this.
- Hand-curated overrides for the inevitable edge cases. Every override carries a reason and an expiry.
app.zeroinsec.com/routing
screenshot · phase 5 capture pass
Routing rule editor · resolver chain · override registry
Step 04 · Tickets · audit · exec
Output to Jira, ServiceNow, webhooks, or your custom downstream — with an audit trail you can hand to auditors.
- Native Jira and ServiceNow ticketing. Webhook emit for everything else (Slack, PagerDuty, internal tooling).
- Type-safe audit log — every state transition is recorded as a structured event with cause attribution.
- Role-based dashboards for each level of the org. Engineers see queues, CISOs see EPSS-weighted risk posture.
- Exec exports that survive board review — no spreadsheets, no manual aggregation.
app.zeroinsec.com/output
screenshot · phase 5 capture pass
Jira sync · audit log tail · CISO dashboard preview
Role-based dashboards
Five levels of the org. Five different views of the same truth.
Engineers want their queue. CISOs want EPSS-weighted posture. We do not paper over the difference with a single "executive dashboard" — each role gets the data shape that role needs.
Your queue, your SLAs, your CVEs — nothing else.
- Personalized queue scoped to assets you own via CMDB or CODEOWNERS membership.
- AI-suggested remediation steps inline, with patch links and change-management context.
- One-click risk-accept, false-positive, and "needs context" escalation paths.
engineer dashboard · phase 5 capture pass
Team throughput, blockers, and trend.
- Aggregate of your team's queues with MTTR, queue depth, and SLA-breach trend.
- Blocker view — findings stuck waiting on approval, dependency, or external owner.
- Per-engineer load with rebalancing suggestions.
manager dashboard · phase 5 capture pass
Cross-team posture and resource allocation.
- Multi-team rollup with comparable MTTR and SLA-breach metrics.
- Capacity model — show which teams are over-loaded relative to incoming risk volume.
- Risk-accept policy heatmap by team.
director dashboard · phase 5 capture pass
Strategic posture and vulnerability drivers.
- Org-wide posture indexed by business unit, environment, and product line.
- Root-cause drivers — which CVE families, which CMDB segments, which 3rd-party packages.
- Forecast band: where we will be in 30/60/90 days at the current cadence.
vp dashboard · phase 5 capture pass
Board-grade risk posture, EPSS-weighted.
- Risk posture weighted by EPSS, business impact, and exploit-in-the-wild signal.
- Top-10 watch list — the findings most likely to actually hurt you this quarter.
- Audit-ready compliance evidence: SLA adherence, approval trail, escalation history.
ciso dashboard · phase 5 capture pass
Architecture
One data flow. Four boxes. No black box.
Every component is observable, idempotent, and type-safe. The mobilization engine is the box your existing platforms skip — everything around it interoperates with the tools you already run.
Scanners
Tenable · Wiz · Snyk
CMDB
ServiceNow · Asset DB
Identity
IdP · CODEOWNERS
01
Ingest
normalize · deduplicate · enrich
02
Correlation
finding → asset → owner · CMDB join · CODEOWNERS resolve
Core engine
03
Mobilization
type-safe assignments · predictive SLAs · escalations · immutable audit
Tickets
Jira · ServiceNow
Audit log
Immutable · 7y
Dashboards
IC → CISO
Observable
Every stage emits structured events. OTel-compatible traces from ingest to ticket.
Idempotent
Re-ingest, replay, and rehydrate are first-class. Disaster recovery is a config flag.
Type-safe
Pydantic schemas + Alembic migrations end to end. State transitions are validated, not hoped for.