Built for Security Teams, Secured Like One
CaseBender is an on-premise case management platform purpose-built for Security Operations Centers. We understand that the tools security teams rely on must meet the same rigorous standards they enforce across their organizations.
Live Pipeline Status
Every code change to CaseBender passes through automated security gates before it reaches a release. These badges reflect real-time CI/CD status from our build pipeline:

| Check | Status | What It Covers |
|---|---|---|
| Security Scan | | Gitleaks, Trivy, Semgrep SAST, ESLint Security, OWASP ZAP, dependency review, license compliance, SBOM generation |
| Supply Chain | | Reproducible build verification, lockfile integrity, dependency pinning, image verification |
| Image Signing | | Cosign keyless signing for all container images, SBOM attestation |
| SLSA Provenance | | SLSA Level 2+ build provenance generation and signing |
| Accessibility | | WCAG 2.1 AA, Section 508, ADA Title III compliance |

Security by the Numbers
20 Security Controls
From Zero Trust architecture to DDoS protection, covering SEC-001 through SEC-020
10+ Compliance Frameworks
SOC2, ISO 27001, GDPR, CMMC, FedRAMP, HIPAA, PCI DSS, and more
15+ CI/CD Security Checks
Automated scanning on every commit: SAST, DAST, SCA, secrets, licenses, containers
On-Premise First
Your data never leaves your infrastructure. No telemetry, no cloud dependencies
Signed Artifacts
Every container image is signed with Sigstore. Every build has SLSA provenance
7 Container Images
Each service image is individually scanned, signed, and attested before release
Security Principles
Defense in Depth
CaseBender implements multiple layers of security controls. No single control is relied upon in isolation:
- Perimeter: Rate limiting, DDoS detection, input validation, SSRF prevention
- Authentication: MFA (TOTP + WebAuthn/FIDO2), SSO (SAML 2.0), step-up authentication
- Authorization: RBAC, TLP-based access control, privileged access management
- Data: Encryption at rest (AES-256) and in transit (TLS 1.3), field-level encryption, data classification
- Monitoring: UEBA behavioral analytics, insider threat detection, unified audit trail, SIEM forwarding
- Supply Chain: Signed images, SBOM, SLSA provenance, dependency scanning, reproducible builds
Zero Trust Architecture
Every request is verified regardless of origin. CaseBender implements:
- Device trust assessment with risk scoring
- Mutual service authentication (HMAC) between microservices
- Step-up authentication for sensitive operations
- Continuous session validation
- No implicit trust between services
On-Premise Advantage
As an on-premise platform, CaseBender provides inherent security benefits:
- Data Sovereignty: Customer data stays within your infrastructure boundary
- Network Control: You control all ingress and egress
- Air-Gap Support: Deployable in fully isolated environments
- No Vendor Access: CaseBender has zero access to your running instance or data
- Compliance Simplification: Your data classification and retention policies apply directly
Explore Security Documentation
Security Architecture
Zero Trust design, service mesh, network segmentation, and multi-tenant isolation
Data Protection
Encryption, data classification, TLP system, secrets management, and retention policies
Authentication & Access
MFA, SSO, account lockout, step-up authentication, and WebAuthn/FIDO2
Access Control
RBAC, privileged access management, cross-team visibility, and API security
Threat Detection
UEBA, insider threat detection, DDoS protection, and SIEM integration
Compliance Frameworks
SOC2, ISO 27001, GDPR, CMMC, FedRAMP, HIPAA, PCI DSS, and more
Supply Chain Security
Dependency management, container signing, SBOM, SLSA provenance
Code Security
SAST, DAST, vulnerability management, penetration testing, license compliance
Audit Logging
Unified audit trail, integrity verification, legal hold, e-discovery
Hardening Guide
Deployment hardening, database security, container security, monitoring