01
Coverage
What does Company overview test?
- The practice behind the platform
- Pencheff is built around the principle that evidence-backed, adversarial testing should be as rigorous as a formal audit — readable by engineers, executives, and compliance teams on the same page.
- Dropdown section: About Pencheff.
- Executive dashboard, letter grade, risk trends, severity rollups, and portfolio posture.
- Technical dossier with findings, reproduction, affected components, remediation, evidence, and re-examination state.
- Compliance mapping for OWASP, PCI DSS, SOC 2, NIST, ISO 27001, HIPAA, OWASP LLM, MITRE ATLAS, NIST AI RMF, EU AI Act, and GDPR.
- Threat modeling with STRIDE, DREAD, attack trees, abuse cases, mitigations, and scan context.
- Unified findings stream, AI triage, advisory enrichment, comments, suppressions, and audit appendices.