Self-Hosted & Air-Gapped

Your infrastructure.
Your data. Your control.

Deploy Scuto entirely within your network. Zero outbound connections. No external dependencies. Your data never leaves your infrastructure.

You don't need to trust us

Deploy on your own infrastructure and verify every claim yourself.

Zero telemetry or phone-home

No license callbacks, no usage tracking, no analytics beacons. The LLM can be self-hosted (Ollama/vLLM) for fully air-gapped operation, or cloud APIs can be used when connectivity is available.

No external dependencies

All core components run locally — PostgreSQL, Redis, NATS, S3-compatible storage. No third-party SaaS calls, no CDNs. Completely self-contained.

Full data sovereignty

All scan results, findings, credentials, and configurations stay within your infrastructure. Nothing is transmitted externally.

You control the encryption keys

All data is encrypted with keys you own and manage. No vendor key escrow. Full control over your cryptographic material.

Audit every packet

Deploy network monitoring on the Scuto instance. Verify zero outbound traffic yourself. Full transparency, no trust required.

Air-gapped network support

Purpose-built for classified and regulated environments. Works completely offline with no connectivity requirements.

Deployment Architecture

Kubernetes-native, highly available, and built for both cloud and on-premises infrastructure.

Scuto runs on Kubernetes with PostgreSQL, NATS, and S3-compatible storage. Deploy on any cloud provider or on-prem cluster — with optional self-hosted LLM for fully air-gapped environments.

Your Cloud (AWS / Azure / GCP)
Kubernetes (EKS / AKS / GKE)

Scuto App: ×3 replicas
Workers: ×N auto-scaled
Scanners: ×N auto-scaled
PostgreSQL: RDS / Cloud SQL / Azure
Redis: Cache & queues
NATS: Message broker
S3 / Azure Blob: Object storage
LLM Provider: Cloud APIs

All data stays inside your boundary: container images, source code, scan findings, device telemetry, credentials & secrets, compliance reports.

Scuto processes everything locally — container images, source code, scan results, device data, and compliance reports never leave your infrastructure. The only optional external connection is to an LLM API for AI-assisted analysis, which can be replaced with a self-hosted model for fully air-gapped deployments.

Built for regulated environments

Architecture designed to meet the requirements of leading compliance frameworks.

SOC 2 Type II
ISO 27001
HIPAA
GDPR

Self-hosted deployment with full data sovereignty, encryption key ownership, and audit logging — architecture designed for SOC 2 Type II, ISO 27001, and HIPAA compliance.

Ready to deploy on your infrastructure?

Talk to our team about self-hosted and air-gapped deployment options.