Enterprise Mode

Production-grade security scanning with compliance frameworks, team collaboration, and enterprise integrations. Built for organizations with strict security requirements.

License Required

Enterprise mode requires an active Enterprise license. Contact sales@agnech.com for pricing and deployment options.

Overview

Enterprise mode is designed for organizations that need compliance-ready scanning, team collaboration, and integration with existing security workflows. It includes all features from Ultimate mode plus enterprise-specific capabilities.

Bash
# Activate enterprise mode
bloodhound scan . --mode enterprise

# Enterprise mode with compliance framework
bloodhound scan . --mode enterprise --compliance soc2,pci-dss

# Generate executive report
bloodhound scan . --mode enterprise --report executive --output report.pdf

# Team scan with role-based visibility
bloodhound scan . --mode enterprise --team security-team --visibility restricted

Enterprise Features

Compliance Frameworks

Built-in support for SOC 2, HIPAA, PCI-DSS, ISO 27001, and GDPR

Executive Reports

Board-ready PDF reports with risk scores and trend analysis

SLA Guarantees

99.9% uptime SLA with dedicated support channels

Team Collaboration

Role-based access control and shared dashboards

Air-Gap Deployment

Fully offline operation with on-premises license server

Custom Integrations

Professional services for custom workflow integration

Configuration

Enterprise mode is configured through a dedicated configuration file that supports organization-wide policies and team-specific overrides.

YAML
# bloodhound.enterprise.yaml
version: 2
license:
  key: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  server: "https://license.yourcompany.com" # For air-gap deployments

organization:
  name: "Acme Corporation"
  id: "org_12345"

policies:
  # Fail CI/CD if critical vulnerabilities found
  fail_on_critical: true
  fail_on_high: true
  max_vulnerabilities: 50

  # Required scans before merge
  required_scans:
    - sast
    - dependencies
    - secrets

  # Block patterns (will always fail)
  blocked_patterns:
    - "hardcoded-aws-key"
    - "sql-injection"
    - "command-injection"

compliance:
  frameworks:
    - soc2
    - pci-dss
  auto_map_findings: true
  generate_evidence: true

teams:
  - name: "platform-team"
    repos: ["api-*", "core-*"]
    notification_channel: "#platform-security"

  - name: "frontend-team"
    repos: ["web-*", "mobile-*"]
    notification_channel: "#frontend-security"

reporting:
  executive_reports:
    schedule: "weekly"
    recipients: ["ciso@company.com", "security-team@company.com"]
    format: "pdf"

  trend_analysis:
    enabled: true
    retention_days: 365

integrations:
  jira:
    enabled: true
    project: "SEC"
    auto_create_tickets: true
    priority_mapping:
      critical: "Highest"
      high: "High"
      medium: "Medium"
      low: "Low"

  slack:
    webhook: "${SLACK_WEBHOOK_URL}"
    channels:
      critical: "#security-critical"
      daily_summary: "#security-daily"

  splunk:
    enabled: true
    host: "splunk.yourcompany.com"
    index: "security_scans"
    token: "${SPLUNK_HEC_TOKEN}"
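
A pre-commit style check for the configuration above, as an added example that is not part of the product or its documentation: it flags credential fields (`key`, `token`, `webhook`) that hold a literal value instead of a `${VAR}` reference like the ones the sample uses for Slack and Splunk. The function name, the field list and the line-based parsing are assumptions made here; whether `license.key` accepts a `${VAR}` reference is not stated on this page.

```python
import re

# Assumption: these are the credential-bearing field names in the sample config.
SECRET_FIELDS = {"key", "token", "webhook"}
ENV_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")
FIELD = re.compile(r"^(\s*)([A-Za-z_][\w-]*)\s*:\s*(.*)$")

# Constructed sample: the credential-related lines of the config shown above.
SAMPLE = '''\
license:
  key: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  server: "https://license.yourcompany.com" # For air-gap deployments
integrations:
  slack:
    webhook: "${SLACK_WEBHOOK_URL}"
  splunk:
    host: "splunk.yourcompany.com"
    token: "${SPLUNK_HEC_TOKEN}"
'''


def find_inline_secrets(yaml_text):
    """Return (line_no, dotted_path) for secret fields holding a literal value."""
    findings = []
    stack = []  # (indent, key) of each enclosing mapping
    for line_no, raw in enumerate(yaml_text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        m = FIELD.match(line)
        if not m:
            continue  # blank lines, comments, list items, block scalar bodies
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()  # left a nested mapping
        path = ".".join([k for _, k in stack] + [key])
        if value == "":
            stack.append((indent, key))  # mapping header such as "license:"
            continue
        value = value.strip("\"'")
        if key in SECRET_FIELDS and not ENV_REF.match(value):
            findings.append((line_no, path))
    return findings


if __name__ == "__main__":
    for line_no, path in find_inline_secrets(SAMPLE):
        print(f"line {line_no}: {path} holds a literal value")
```

On the sample, only the inline license key is reported; the Slack webhook and Splunk token pass because they are environment references.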

Compliance Modes

Enterprise mode includes pre-built compliance frameworks that automatically map findings to control requirements and generate audit-ready evidence.

Framework        Patterns   Auto-Map   Report Template
SOC 2 Type II    145
HIPAA            89
PCI-DSS 4.0      234
ISO 27001        178
GDPR             67
NIST CSF         312
FedRAMP          428
OWASP ASVS       186

Bash
# Run SOC 2 compliance scan
bloodhound scan . --mode enterprise --compliance soc2

# Output includes control mapping:
# ┌──────────────────────────────────────────────────────────────┐
# │ SOC 2 Compliance Report                                      │
# ├──────────────────────────────────────────────────────────────┤
# │ Control: CC6.1 - Logical Access Controls                     │
# │ Status: 2 findings require attention                         │
# │                                                              │
# │ Finding: Hardcoded API key in config.ts:45                   │
# │ Maps to: CC6.1.3, CC6.6.1                                    │
# │ Evidence: Screenshot + code snippet auto-captured            │
# │                                                              │
# │ Finding: Missing authentication on /api/admin                │
# │ Maps to: CC6.1.1, CC6.1.2                                    │
# │ Evidence: Request/response captured                          │
# └──────────────────────────────────────────────────────────────┘

Team Management

Enterprise mode supports role-based access control and team-specific configurations for large organizations.

Role Hierarchy

Admin: Full access to all features, team management, and billing
Security Lead: Manage policies, view all scans, configure integrations
Developer: Run scans, view own results, mark as resolved
Viewer: Read-only access to dashboards and reports

Enterprise Reporting

Generate board-ready reports with executive summaries, trend analysis, and compliance status dashboards.

Bash
# Generate executive summary report
bloodhound report executive --period 30d --output executive-report.pdf

# Sample Executive Report Contents:
# ├── Executive Summary
# │   ├── Risk Score: 72/100 (Medium-High)
# │   ├── Trend: ↓ 8% improvement from last month
# │   └── Key Metrics
# │       ├── Critical Issues: 3 → 1 (-67%)
# │       ├── Mean Time to Remediate: 4.2 days
# │       └── Compliance Score: 94%
# │
# ├── Risk Distribution
# │   ├── By Severity (pie chart)
# │   ├── By Category (bar chart)
# │   └── By Team (table)
# │
# ├── Compliance Status
# │   ├── SOC 2: 94% compliant
# │   ├── PCI-DSS: 98% compliant
# │   └── Open control gaps (list)
# │
# ├── Top Risks
# │   ├── #1: SQL Injection in payment service
# │   ├── #2: Outdated OpenSSL in API gateway
# │   └── #3: Missing MFA on admin portal
# │
# └── Recommendations
#     ├── Immediate Actions (this week)
#     ├── Short-term (this month)
#     └── Long-term (this quarter)

SSO Integration

Enterprise mode supports SAML 2.0 and OIDC for single sign-on integration with your identity provider.

YAML
# bloodhound.enterprise.yaml - SSO Configuration

sso:
  provider: "okta" # okta, azure-ad, onelogin, google, custom

  saml:
    entity_id: "https://bloodhound.yourcompany.com"
    sso_url: "https://yourcompany.okta.com/app/bloodhound/sso/saml"
    certificate: |
      -----BEGIN CERTIFICATE-----
      MIIDpDCCAoygAwIBAgIGAX...
      -----END CERTIFICATE-----

  attribute_mapping:
    email: "user.email"
    name: "user.displayName"
    groups: "user.groups"

  group_mapping:
    "Security Team": "security-lead"
    "Engineering": "developer"
    "Executives": "viewer"

  # Auto-provision users on first login
  auto_provision: true

  # Require SSO for all users (disable password login)
  enforce_sso: true

Identity Provider Support

We support Okta, Azure AD, OneLogin, Google Workspace, and any SAML 2.0 or OIDC-compliant identity provider. Custom integrations are available on request.