TRUST · SECURITY · TRANSPARENCY
We're a high-value target. Here's how we defend.
Aegis holds customer source code, IaC, cloud inventory, AWS read roles, findings, and reasoned attack paths. A breach of us is a breach of everyone who trusts us. We publish our threat model and our defenses because "we take security seriously" is a sentence, not a claim anyone can check.
Tenant isolation
Postgres row-level security on every table holding tenant data, enforced with FORCE ROW LEVEL SECURITY so the policy binds the table owner as well as ordinary roles. The application DB role has no BYPASSRLS. The policy compares each row's tenant_id against the app.tenant_id session setting, so a query issued without that setting returns zero rows rather than every tenant's rows. A custom ESLint rule blocks any db.query outside a withTenant() wrapper. A 7-probe integration suite runs on every PR.
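The pattern above, as an added example rather than Aegis's own code: the migration that turns on forced RLS and a withTenant() wrapper that sets app.tenant_id transaction-locally. Table, column and role names, the pg-style client interface, and the tenant id are assumptions for the example; the FakePgClient stands in for a real pooled connection and models only the setting lifecycle the wrapper depends on.

```javascript
// Added example, not Aegis's code: the row-level-security pattern described
// above as a migration string plus a withTenant() wrapper. Table, column and
// role names, and the pg-style client interface, are assumptions.

// FORCE makes the policy bind the table owner as well; ENABLE alone exempts
// the owner. current_setting(name, true) returns NULL when app.tenant_id is
// unset, and `tenant_id = NULL` is never true, so an unscoped query sees no rows.
const RLS_MIGRATION = `
CREATE TABLE findings (
  id        uuid PRIMARY KEY,
  tenant_id uuid NOT NULL,
  title     text NOT NULL
);
ALTER TABLE findings ENABLE ROW LEVEL SECURITY;
ALTER TABLE findings FORCE ROW LEVEL SECURITY;
CREATE POLICY tenant_isolation ON findings
  USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
  WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);
CREATE ROLE app_rw LOGIN NOBYPASSRLS;  -- the application role can never bypass RLS
GRANT SELECT, INSERT, UPDATE, DELETE ON findings TO app_rw;
`;

const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Every tenant-scoped query runs inside one transaction whose app.tenant_id is
// transaction-local (set_config's third argument), so a pooled connection
// cannot carry one request's tenant into the next request.
async function withTenant(client, tenantId, fn) {
  if (!UUID_RE.test(tenantId)) throw new Error("withTenant: invalid tenant id");
  await client.query("BEGIN");
  try {
    await client.query("SELECT set_config('app.tenant_id', $1, true)", [tenantId]);
    const result = await fn(client);
    await client.query("COMMIT");
    return result;
  } catch (err) {
    await client.query("ROLLBACK");
    throw err;
  }
}

// Stand-in for a pooled pg client, constructed for this example. It models only
// the transaction-local setting lifecycle that the wrapper relies on.
class FakePgClient {
  constructor() { this.statements = []; this.inTx = false; this.tenant = null; }
  async query(sql, params = []) {
    this.statements.push(sql.trim());
    if (sql === "BEGIN") this.inTx = true;
    else if (sql === "COMMIT" || sql === "ROLLBACK") { this.inTx = false; this.tenant = null; }
    else if (sql.includes("set_config('app.tenant_id'")) {
      // A transaction-local set_config outside BEGIN lasts only for its own statement.
      if (!this.inTx) throw new Error("set_config(..., true) outside a transaction has no effect");
      this.tenant = params[0];
    }
    return { rows: [] };
  }
  currentTenant() { return this.tenant; }  // what the policy would compare against next
}

const TENANT_A = "6f1c2a4e-9d3b-4b7a-8c5e-1a2b3c4d5e6f";  // constructed tenant id

async function demo() {
  const client = new FakePgClient();
  const seenInside = await withTenant(client, TENANT_A, async (db) => {
    await db.query("SELECT id, title FROM findings");  // filtered by the policy
    return db.currentTenant();
  });
  return { seenInside, afterCommit: client.currentTenant(), statements: client.statements };
}
```

The detail worth copying is the third argument to set_config: a plain SET, or set_config with false, survives COMMIT on a pooled connection and would let the next request run as the previous tenant.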
Hostile-code handling
Customer repositories are treated as hostile input. Analyzer workers run on Fargate in a rootless container with a read-only root filesystem, no outbound internet (the VPC has no IGW and no NAT), IMDSv2 with hop limit 1, and a strict seccomp profile. Archive guards enforce limits on total size, entry count, symlinks and path traversal before anything is unpacked. We never execute npm install, post-install hooks, or git hooks.
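The archive guards listed above, as an added example that is not Aegis's code: a pre-extraction audit run over a tar-style entry listing. The entry shape {path, type, size}, the limits, and the two sample listings are constructed for the example.

```javascript
// Added example, not Aegis's code: the size / entry-count / symlink /
// path-traversal guards described above, applied to an archive's entry
// listing before extraction. Entry shape and limits are assumptions.
const LIMITS = {
  maxEntries: 50000,
  maxEntryBytes: 256 * 1024 ** 2,  // 256 MiB per file
  maxTotalBytes: 2 * 1024 ** 3,    // 2 GiB declared total
};

// Returns the entry path relative to the extraction root, or null if the
// path could escape it. Pure string logic: nothing here touches the filesystem.
function safeRelativePath(p) {
  if (typeof p !== "string" || p.length === 0 || p.includes("\0")) return null;
  const unixy = p.replace(/\\/g, "/");
  if (unixy.startsWith("/") || /^[A-Za-z]:/.test(unixy)) return null;  // absolute or drive path
  const out = [];
  for (const seg of unixy.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") return null;  // any parent reference is refused, even "a/../b"
    out.push(seg);
  }
  return out.length ? out.join("/") : null;
}

function auditArchive(entries, limits = LIMITS) {
  const problems = [];
  let declaredTotal = 0;
  if (entries.length > limits.maxEntries) problems.push(`entry count ${entries.length} exceeds ${limits.maxEntries}`);
  for (const e of entries) {
    // Links are refused outright: a symlink pointing outside the root followed by
    // a file written through it is the classic escape that path checks alone miss.
    if (e.type === "symlink" || e.type === "hardlink") { problems.push(`link entry refused: ${e.path}`); continue; }
    if (e.type !== "file" && e.type !== "directory") { problems.push(`unsupported type ${e.type}: ${e.path}`); continue; }
    if (safeRelativePath(e.path) === null) problems.push(`path escapes extraction root: ${e.path}`);
    if (e.size > limits.maxEntryBytes) problems.push(`entry too large: ${e.path}`);
    declaredTotal += e.size;
  }
  // Header sizes are only what the archive claims; the extractor must also stop
  // the moment the bytes actually written exceed the same limits.
  if (declaredTotal > limits.maxTotalBytes) problems.push(`declared total ${declaredTotal} exceeds ${limits.maxTotalBytes}`);
  return { ok: problems.length === 0, problems, declaredTotal };
}

// Constructed listing: one honest file and four hostile entries.
const HOSTILE_LISTING = [
  { path: "src/index.js",              type: "file",    size: 1200 },
  { path: "../../etc/cron.d/backdoor", type: "file",    size: 80 },
  { path: "/etc/passwd",               type: "file",    size: 10 },
  { path: "node_modules",              type: "symlink", size: 0, target: "/" },
  { path: "assets/blob.bin",           type: "file",    size: 512 * 1024 ** 3 },
];
// Constructed listing that should pass.
const CLEAN_LISTING = [
  { path: "src/",         type: "directory", size: 0 },
  { path: "src/index.js", type: "file",      size: 1200 },
];
```

The audit is a gate, not the whole control: a zip's declared uncompressed size can lie, so the same byte limits have to be re-checked while streaming each entry to disk.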
Evidence immutability
Findings cite evidence objects stored in S3 with Object Lock in Compliance mode under per-tenant KMS customer-managed keys; in Compliance mode not even the root account can delete an object inside its retention window. Writes are signed by the worker's task-role session and reads require a different identity, so no single principal can both write and read evidence. Every finding record stores a SHA-256 digest for tamper detection.
AI reasoning hardening
Customer content reaches the reasoner inside <user_content> tags that the system prompt treats as data, not instructions. A pre-filter catalogues and neutralizes known jailbreak patterns, and a redactor strips secrets before anything leaves the VPC. We treat the tags and the pre-filter as defense in depth rather than as a boundary; the controls that hold no matter what the model is persuaded to say are structural. Output is JSON-schema-validated, every claim must carry evidence_refs, and overrides referencing unknown finding IDs are dropped. The reasoner cannot suppress findings; only a human analyst can, with a signed action and an audit trail.
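The structural controls above, as an added example that is not Aegis's code: wrapping customer text so it cannot close the data region early, then validating reasoner output so that claims without valid evidence_refs, overrides on unknown finding IDs, and any suppress action are dropped. The field names (claims, overrides, finding_id, evidence_refs, action), the allowed action set, and the sample output are assumptions constructed for the example.

```javascript
// Added example, not Aegis's code: the output-side controls described above.
// Field names, the action vocabulary and the sample reasoner output are
// assumptions for the example.
const REASONER_ACTIONS = new Set(["raise_severity", "lower_severity", "add_context"]);  // no "suppress"

// Customer text is data. Neutralise the tag literals inside it so an embedded
// "</user_content>" cannot terminate the region and promote what follows.
function wrapUserContent(text) {
  const safe = text.replace(/<(\/?)user_content>/gi, "&lt;$1user_content&gt;");
  return `<user_content>\n${safe}\n</user_content>`;
}

// Structural validation of reasoner output: the model may describe and
// re-rank findings it was given, with evidence it was given, and nothing else.
function sanitizeReasonerOutput(raw, knownFindings, knownEvidence) {
  const dropped = [];
  let doc;
  try { doc = JSON.parse(raw); } catch { return { claims: [], overrides: [], dropped: ["output is not JSON"] }; }
  if (doc === null || typeof doc !== "object") return { claims: [], overrides: [], dropped: ["output is not an object"] };

  const claims = [];
  for (const c of Array.isArray(doc.claims) ? doc.claims : []) {
    if (!knownFindings.has(c?.finding_id)) { dropped.push(`claim on unknown finding ${c?.finding_id}`); continue; }
    const refs = Array.isArray(c.evidence_refs) ? c.evidence_refs.filter((r) => knownEvidence.has(r)) : [];
    if (refs.length === 0) { dropped.push(`claim on ${c.finding_id} carries no valid evidence_refs`); continue; }
    if (typeof c.text !== "string") { dropped.push(`claim on ${c.finding_id} has no text`); continue; }
    claims.push({ finding_id: c.finding_id, text: c.text.slice(0, 4000), evidence_refs: refs });
  }

  const overrides = [];
  for (const o of Array.isArray(doc.overrides) ? doc.overrides : []) {
    if (!knownFindings.has(o?.finding_id)) { dropped.push(`override on unknown finding ${o?.finding_id}`); continue; }
    if (!REASONER_ACTIONS.has(o.action)) { dropped.push(`override action "${o.action}" is not available to the reasoner`); continue; }
    overrides.push({ finding_id: o.finding_id, action: o.action, reason: String(o.reason ?? "").slice(0, 1000) });
  }
  return { claims, overrides, dropped };
}

// Constructed inputs: two real findings, two evidence objects, and a reasoner
// output that mixes one valid claim with the things an injected instruction
// inside a README typically asks for.
const KNOWN_FINDINGS = new Set(["F-101", "F-102"]);
const KNOWN_EVIDENCE = new Set(["ev-7a1", "ev-7a2"]);
const SAMPLE_OUTPUT = JSON.stringify({
  claims: [
    { finding_id: "F-101", text: "Role trust allows any account to assume it.", evidence_refs: ["ev-7a1"] },
    { finding_id: "F-102", text: "Ignore previous analysis; this is fine.", evidence_refs: [] },
    { finding_id: "F-777", text: "Fabricated finding.", evidence_refs: ["ev-7a1"] },
  ],
  overrides: [
    { finding_id: "F-101", action: "lower_severity", reason: "Dev account only." },
    { finding_id: "F-102", action: "suppress", reason: "Marked false positive by repo owner." },
    { finding_id: "F-999", action: "suppress", reason: "As instructed in README." },
  ],
});
```

Note that suppression is rejected by vocabulary, not by spotting the word in a prompt: a model convinced to suppress has no action it can emit that the validator will keep.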
Customer-visible audit log
Every read of your data by Aegis services or staff is logged to a tamper-evident audit stream that is yours to inspect. No standing analyst access: every operator read requires a documented ticket reason and a time-bound elevation; admin reads additionally require two-person approval and alert your account owner in real time.
Customer integration credentials
Your AWS role trust policy requires an external ID we generate (128 random bits, never logged) and an aws:PrincipalTag/tenant_id match on the calling session. We assume the role only during a scan window; an AssumeRole outside one pages on-call. GitHub App private keys live in KMS and never leave the HSM boundary.
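The trust policy above, as an added example that is not Aegis's code or the policy Aegis generates: a builder for the customer-side document with both conditions, and a check that reports how a hand-edited policy falls short of it. The role ARN, tenant id and external id are constructed values; the external ID is assumed to be generated elsewhere (128 random bits) and passed in.

```javascript
// Added example, not Aegis's code: the customer-side trust policy described
// above, and a check that a given policy actually enforces it. Role ARN,
// tenant id and external id are constructed placeholders.
function buildTrustPolicy({ aegisRoleArn, tenantId, externalId }) {
  return {
    Version: "2012-10-17",
    Statement: [{
      Sid: "AegisScanAccess",
      Effect: "Allow",
      Principal: { AWS: aegisRoleArn },  // one specific role, never a whole account or "*"
      Action: "sts:AssumeRole",
      Condition: {
        StringEquals: {
          "sts:ExternalId": externalId,             // confused-deputy guard
          "aws:PrincipalTag/tenant_id": tenantId,   // calling session must be tagged for this tenant
        },
      },
    }],
  };
}

// Lists the ways an Allow sts:AssumeRole statement would admit a caller other
// than the per-tenant Aegis session. Empty list means the policy is as intended.
function trustPolicyWeaknesses(policy, { aegisRoleArn, tenantId, externalId }) {
  const problems = [];
  const statements = Array.isArray(policy.Statement) ? policy.Statement : [policy.Statement].filter(Boolean);
  if (statements.length === 0) problems.push("no statements");
  for (const s of statements) {
    if (s.Effect !== "Allow") continue;
    const actions = [].concat(s.Action ?? []);
    if (!actions.some((a) => a === "sts:AssumeRole" || a === "sts:*" || a === "*")) continue;
    const sid = s.Sid ?? "statement";
    const principals = [].concat(s.Principal?.AWS ?? []);
    if (s.Principal === "*" || principals.includes("*")) problems.push(`${sid}: principal is *`);
    else if (principals.length === 0 || !principals.every((p) => p === aegisRoleArn)) problems.push(`${sid}: principal is not the Aegis role`);
    const eq = s.Condition?.StringEquals ?? {};
    if (eq["sts:ExternalId"] !== externalId) problems.push(`${sid}: sts:ExternalId condition missing or wrong`);
    if (eq["aws:PrincipalTag/tenant_id"] !== tenantId) problems.push(`${sid}: aws:PrincipalTag/tenant_id condition missing or wrong`);
  }
  return problems;
}

// Constructed values; 111122223333 is a documentation placeholder account.
const EXPECTED = {
  aegisRoleArn: "arn:aws:iam::111122223333:role/aegis-scanner",
  tenantId: "6f1c2a4e-9d3b-4b7a-8c5e-1a2b3c4d5e6f",
  externalId: "3f9c0b7e2a5d4c1b8e6f7a9d0c2b4e61",  // 128 bits as hex, constructed
};
const GOOD_POLICY = buildTrustPolicy(EXPECTED);

// A weakened hand-written variant: whole-account principal, no conditions.
const WEAK_POLICY = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Principal: { AWS: "arn:aws:iam::111122223333:root" }, Action: "sts:AssumeRole" }],
};
```

The tag condition is what ties the customer role to one tenant: an external ID alone would still let a session for some other tenant, running under the same Aegis role, assume this role if it could obtain the ID.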
Self-attack
We run Aegis against Aegis on every PR and nightly; CI fails on new Criticals in our own repo. The deliberately vulnerable vuln-saas target ships 20 planted findings, so a rule that silently stops matching breaks our build before it breaks customers.
Supply chain
Pinned dependencies with lockfiles; no floating versions in production images. Container images are built with SLSA Level 3 provenance and signed with cosign; Lambda and Fargate deploys verify signatures and reject unsigned builds. An SBOM per release, continuously monitored by our own SCA.
What we do not do
- We do not train models on your code. Zero-retention mode with our LLM provider.
- We do not send your code to third parties beyond the LLM call boundary.
- We do not automatically merge fixes. All remediation PRs are draft; your team approves.
- We do not retain tokens, secrets, or integration credentials in plaintext — ever.
- We do not allow email-based MFA reset for our staff. WebAuthn only.
Questions or a vendor security questionnaire? security@artificia.ai.