scd-server

scd-server is the self-hosted team layer for Secure Code by Design.

When developers scan individually, findings stay siloed. scd-server brings them together — giving team leads and security-conscious admins a single view of what the whole team is finding, fixing, and ignoring. Every scan from every developer pushes automatically to your own server. Nothing leaves your network.

Team subscription required

scd-server requires a Team subscription. The scd CLI works independently as a free tool — scd-server adds the team layer on top.


What scd-server adds

  • Team dashboard — aggregated findings, trend charts, and knowledge gap tracking across all connected developers. See the security posture of your whole codebase at a glance, not just your own machine.

  • Exception approval flow — developers flag false positives or accepted risks with a reason. Team leads approve or reject. Every decision is tracked and auditable.

  • Findings history — every scan from every developer, searchable and filterable. Track when a finding first appeared, how many times it has been seen, and when it was resolved.

  • CRA Compliance Report — seven-section report aligned with EU Cyber Resilience Act and NIS2 requirements. Generated from your actual scan data — no manual assembly.

  • Notifications — dashboard inbox, Discord webhooks, and email alerts for license events, heartbeat failures, and anything else that needs attention.

  • Deep Analysis — AI-powered analysis of CRITICAL and HIGH findings. Confirms real vulnerabilities, identifies false positives, and suggests concrete fixes. Choose local AI (maximum privacy), Anthropic, or OpenAI. Disabled by default — no code leaves your network without an explicit choice.


Requirements

  • A valid Team license from securecodebydesign.com
  • A machine or server in your infrastructure reachable by your developers
  • Node.js 22.5 or later — or use the self-contained binary (no Node.js required)

Get started


Already running scd-server?