Measure your security posture. Steer the program.
SightGlass turns raw scan findings into tracked risks, mapped controls, audit evidence, and live dashboards — so a failed hardening check drives remediation instead of dying in a report.
Everything links to everything
Promote a single failed check into a tracked risk, link it to a control, cover it in an audit, and watch it move on the dashboard — all in one system, without re-keying a thing.
One system, end to end
Inspired by Lynis, SimpleRisk, and Eramba — unified so posture and governance finally live in the same place.
Ingest from everywhere
Lynis host-hardening scans, cloud posture (CSPM / Prowler), and any vulnerability scanner — deduplicated and enriched with CVE, EPSS, and CISA KEV context.
A risk registry that scores
Residual risk scoring, appetite thresholds, review cadences, and remediation SLA clocks — so nothing quietly slips past its deadline.
Full compliance lifecycle
Controls, audits, evidence, policies, and exceptions with deadline-driven statuses — everything links to everything, so coverage is always provable.
Vendor risk, quantified
FAIR-based third-party assessments with web-grounded research, so vendor exposure is sized in real terms — not a red/amber/green guess.
AI analysis & remediation
Explain a finding in plain language and draft the fix, grounded in the actual finding data — turning noise into a next action.
Fits your stack
Slack / Teams alerts, Jira / GitHub tickets, signed webhooks to your SIEM or SOAR, a read API, and CSV export.
Simple, transparent pricing
Every workspace starts with a 14-day Starter trial — no card required. It downgrades to Free when the trial ends; upgrade any time.
Free
Up to 3 members
- Up to 3 members · 5 assets
- Posture monitoring + GRC core
- Manual CVE import
- Community support
Starter
Up to 10 members
- Up to 10 members · 50 assets
- Multi-scanner import + AI finding analysis (50/mo)
- SLA tracking, saved views, CSV export
- Email support
Pro
Up to 25 members
- Up to 25 members · 500 assets
- Everything in Starter, plus:
- Slack / Teams / Jira / GitHub integrations
- Vendor risk + FAIR, alert rules, ingestion API
- Scheduled reports · AI (500/mo)
- Priority support
Enterprise
Unlimited members
- Unlimited members & assets
- Everything in Pro, plus:
- SSO / SAML
- Unlimited AI
- Dedicated support + SLA
Built for multi-tenant, security-first teams
Postgres row-level-security tenant isolation, SSO (OIDC & SAML 2.0), SCIM provisioning, mandatory MFA, and a tamper-evident audit trail — hardened by default.