Reach the team for onboarding, enterprise deployments, security disclosures, partnerships, support, and compliance conversations.
Infrastructure and assets
Support overview
Findings, reports, dashboards, exports, integrations, and retests all read from the same normalized record.
Pencheff favors repeatable checks, then uses AI for triage, enrichment, orchestration, and remediation where it adds signal.
Coverage
What does Support overview test?
- Get the right help for security work
- Terraform, Kubernetes YAML, Helm, Dockerfiles, CloudFormation, Trivy config, Checkov, tfsec, Kubesec, and Hadolint-style checks.
- Container image vulnerability and misconfiguration scanning with registry and admission-control workflows.
- Attack surface management for subdomains, exposed hosts, cloud edges, certificates, services, and drift.
- Network VA for host CVEs, service misconfiguration, TLS, headers, and authenticated host checks.
- Active Directory, internal network, Android/iOS static analysis, exported component checks, and mobile secret sweeps.
Execution
How does Pencheff run this?
- Register assets directly or discover them through ASM, repository manifests, or infrastructure files.
- Run IaC and container checks before deployment, then pair results with runtime surface discovery.
- Use network and internal checks to identify exposed services, certificate issues, AD paths, or host CVEs.
- Normalize infra findings with source, asset, environment, severity, remediation, and compliance mappings.
- Gate releases, schedule recurring checks, or produce audit bundles for platform and cloud teams.
Evidence
What evidence does this produce?
- Affected resource, manifest path, image reference, package, host, service, port, certificate, or mobile artifact.
- Rule id, scanner provenance, misconfiguration description, exploitability notes, and remediation.
- Cloud, Kubernetes, container, or network context needed by platform owners.
- Compliance mapping for configuration management, technical vulnerability, and supplier controls.
Controls
How is this kept safe to run?
- Registry and admission policies can prevent risky images or manifests from progressing.
- ASM and network checks are scoped to authorized assets and known workspace boundaries.
- Infrastructure findings can be tied back to repos and deployment pipelines for ownership.
- Mobile and internal findings remain in the same evidence and reporting workflow as web findings.