Pencheff is built around the principle that evidence-backed, adversarial testing should be as rigorous as a formal audit — readable by engineers, executives, and compliance teams on the same page.
Integrations and operations
Our partners
Implementation specialists, channel partners, and managed security workflows.
Findings, reports, dashboards, exports, integrations, and retests all read from the same normalized record.
Pencheff favors repeatable checks, then uses AI for triage, enrichment, orchestration, and remediation where it adds signal.
Coverage
What does Our partners test?
- Implementation specialists, channel partners, and managed security workflows.
- This page is part of Company under Our Practice.
- It links back into the broader the practice behind the platform experience.
- Slack, Teams, Google Chat, Discord, PagerDuty, Opsgenie, Splunk HEC, signed webhooks, GitHub Issues, and Jira.
- Schedules for recurring scans, release gates, retests, continuous monitoring, and drift checks.
- OpenTelemetry spans, logs, metrics, trace waterfalls, audit hash chain, SLO, and cost dashboards.
- API keys, REST references, MCP tool access, webhooks, and CI/CD automation.
- Workspace onboarding, support, trust, pricing, self-hosting, partnerships, and enterprise deployment workflows.
Execution
How does Pencheff run this?
- Connect a target, workspace, integration endpoint, or automation credential.
- Choose event routing by target, severity, status, schedule, or release workflow.
- Deliver findings to chat, ticketing, paging, SIEM, GitHub, webhooks, or dashboards.
- Use traces, audit logs, SLOs, and cost views to operate scans with confidence.
- Review support, pricing, or deployment requirements when scaling the program.
Evidence
What evidence does this produce?
- Integration delivery status, target mapping, event payload, severity filters, and test results.
- Trace spans for HTTP requests, subprocesses, LLM calls, scan phases, and errors.
- Audit log records with actor, action, IP, user agent, and hash-chain verification.
- API and MCP references for automation, CI/CD, and internal platform workflows.
Controls
How is this kept safe to run?
- Credentials are stored as integration configuration and used only for the selected destination.
- Signed webhooks and target-specific routing reduce noisy or unauthenticated delivery.
- Observability is opt-in and can be disabled globally by environment policy.
- Support and pricing pages route users to the right commercial or operational next step.
Documentation
Read the full reference.
Related