StretchDev
StretchSecurity

Private by default. Governance you can actually use.

Role-based access, branch protection, secret vault, and an audit-ready activity log. Scan placeholders ship now; engines wire up in Phase 3.

What you get

Built for serious teams. Generous on the free tier.

Private-by-default

New repos start private with sane defaults.

Role-based access

Repo, environment, org, and team roles. Custom roles in Phase 3.

Protected branches & environments

Required reviews, status checks, signed commits, wait timers.

Secret vault

Per-environment secrets, rotation, last-used tracking, break-glass approvals.

Audit-ready activity

Searchable audit log. Streaming export planned for Phase 3.

Scan placeholders

Dependency / secret / code-scan UI shipped now — engines arrive without breaking the model.

Capabilities

Everything you need, nothing you don't.

Private, public, internal, and client-shared visibility
Repo, environment, org, and team roles
Branch and tag protection
Required reviewers and CODEOWNERS
Signed commits and vigilant mode
Per-environment secret vault
Access request workflow
Audit log search
Webhooks for security events
Ruleset engine (planned)
SSO/SAML/SCIM (planned)
IP allow list (planned)
Audit log streaming (planned)

FAQ

Common questions

Do you claim SOC 2 / ISO / HIPAA?

No. We don't claim certifications we haven't earned. Our roadmap is public, and our security wording is intentionally conservative.

Where do scans run?

Current build ships UI placeholders. Scans will run in controlled backend pipelines.

Ready when you are

Start with StretchSecurity.

Free for individuals and small teams. Request access and we'll get you onboarded.