Security · Project Management

Security Projects.
Fully Under Control.

From project intake to final report delivery — one structured platform for security teams that need visibility, automation, and enterprise-grade access control.

Dashboard (sample view): 12 Active Projects · 38 Assessments · 94 Reports
  • Complete: Alpha Corp — Web App PT (2 days ago)
  • Ongoing: Beta Ltd — Network VA (In progress)
  • Revisit: Gamma Inc — Source Review (Awaiting sign-off)
  • Finding: Delta Co — Wireless Audit (Report drafted)

6 Assessment Types · 13 Auto Report Variables · 3 Role Tiers · 7 Slack Notification Types

Platform Features

Everything Your Security Team Needs

Built for security firms — not a generic PM tool bolted onto security workflows.

🔐

Microsoft Entra ID SSO

OAuth 2.0/OIDC authentication with zero friction for Microsoft 365 environments. No extra credential management needed.

📊

Role-Based Dashboards

Admin, Sales, and Delivery each see a tailored view. Revenue tracking, workload visibility, and status badges — all in one place.

📁

Project & Assessment Management

Six assessment types with a 4-stage status workflow. S3 delivery folders auto-created; projects auto-complete when all assessments close.

📝

Automated Report Generation

Quill-based templates with 13 auto-variables and one-click PDF + DOCX export stored securely in S3.

☁️

AWS Cloud Infrastructure

DynamoDB, S3, SSM Parameter Store. Secrets loaded at runtime — never hardcoded. Deployed on ECS Fargate with Docker.

💬

Slack Notifications

Real-time event alerts on assignments, status changes, and completions — plus three scheduled reminders (weekly, monthly, quarterly) that surface unassigned, stale, and overdue work automatically.

🤖

AI-Assisted Finding Write-up Generation

Paste raw assessment notes — AI identifies and consolidates findings, writes professional security write-ups with full CVSS 3.1 scoring, auto-sorted by severity. Yellow [TO DO:] markers highlight engagement-specific gaps for analyst review before delivery.


Access Control

Role-Based Access Control

A two-layer model: a Role Gate checks if the role is allowed to act (returns 403 if not), then a Filter Level limits which records the user can see. Admins bypass all filters.

Admin: Full platform access — no restrictions
  • All projects, users & roles
  • Create, assign, update any assessment
  • Full template & report CRUD (inc. delete)
  • All Slack notifications
Sales: Own projects where projectLead / salesLead / teamMember
  • Create projects & assign assessments
  • Update status on own projects
  • Templates: create, view, edit (no delete)
  • Reports: generate* / view / edit / download (own projects) — no delete
Delivery: Assigned projects where teamMember / projectLead / salesLead
  • View projects & update assessment status
  • Upload / download project files
  • Templates: create, view, edit (no delete)
  • Reports: generate* / view / edit / download (own projects) — no delete

* Generate uses assessment-level filtering — user must appear in the assignment record for the specific assessment (assignedMembers, assignedMember, or createdBy). All other report actions use project-level filtering (user must be projectLead, salesLead, or in teamMembers).
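The two-layer check described above, as an added example (not the platform's own code). The record field names come from the page; the role and action strings, matching users by `id`, and the shape of the returned object are assumptions.

```javascript
// Added example, not the platform's code. Field names come from the page;
// role/action strings and matching users by `id` are assumptions.
const ROLE_GATE = new Map([
  ['admin', ['generate', 'view', 'edit', 'download', 'delete']],
  ['sales', ['generate', 'view', 'edit', 'download']],    // no delete
  ['delivery', ['generate', 'view', 'edit', 'download']], // no delete
]);

const asList = (v) => (Array.isArray(v) ? v : [v]);
// Ignore missing ids on both sides so `undefined === undefined` never grants access.
const listed = (ids, id) => id != null && ids.some((x) => x != null && x === id);

// Project-level filter: projectLead, salesLead, or in teamMembers.
function onProject(user, p) {
  return listed([p.projectLead, p.salesLead, ...asList(p.teamMembers)], user.id);
}

// Assessment-level filter: assignedMembers, assignedMember, or createdBy.
function onAssessment(user, a) {
  return listed([...asList(a.assignedMembers), a.assignedMember, a.createdBy], user.id);
}

function authorizeReportAction(user, action, project, assessment) {
  // Layer 1: role gate. Unknown roles and unlisted actions fail closed with 403.
  const actions = ROLE_GATE.get(user.role) || [];
  if (!actions.includes(action)) return { allowed: false, layer: 'role-gate', status: 403 };
  // Admins bypass all filters.
  if (user.role === 'admin') return { allowed: true, layer: 'admin-bypass' };
  // Layer 2: generate filters per assessment, every other action per project.
  const ok = action === 'generate' ? onAssessment(user, assessment) : onProject(user, project);
  // The page does not say what a filter miss returns, so no status is set here.
  return { allowed: ok, layer: 'filter' };
}

// Constructed sample records.
const project = { projectLead: 'u-lead', salesLead: 'u-sales', teamMembers: ['u-del1', 'u-del2'] };
const assessment = { assignedMembers: ['u-del1'], createdBy: 'u-sales' };
const del2 = { id: 'u-del2', role: 'delivery' };

console.log(authorizeReportAction(del2, 'view', project, assessment));     // project member
console.log(authorizeReportAction(del2, 'generate', project, assessment)); // not on the assessment
console.log(authorizeReportAction(del2, 'delete', project, assessment));   // stopped at the role gate
```

A project team member who is not in the assessment's assignment record passes the role gate for `generate` but is stopped at the filter, which is the case the footnote singles out.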

Under the Hood

Built on Modern, Proven Technologies

Enterprise infrastructure with zero compromise on security or reliability.

Node.js & Express
AWS DynamoDB
AWS S3
AWS SSM & ECS Fargate
Microsoft Entra ID
Docker
Puppeteer (PDF)
Slack API
Quill Editor
Vanilla JS / HTML / CSS

📝 Report Generation

Design reusable templates in a rich WYSIWYG editor, apply dynamic variables, and export professional PDF & DOCX reports — stored securely in S3.


🤖 AI-Assisted Finding Write-up Generation

Paste raw assessment notes — AI identifies findings, assigns severity, maps CVSS scores, and inserts structured write-ups directly into the report editor.


Scheduled Notifications

Slack Reminder Workflow

Three scheduled reminders that surface stale work automatically — no manual chasing required. Silent when everything is on track; fires only when something needs attention.

Weekly  ·  Every Monday 09:00 SGT
Unassigned Projects

Projects where no delivery team has been allocated. Fires when hasAssigned=false and age exceeds REMINDER_UNASSIGNED_DAYS (default 7 days). Sorted oldest-first with client name and age.

📋
Monthly  ·  1st of every month
Stale Assessment Stages

Individual assessments stuck in ongoing or finding-report-released with no status change. Fires after REMINDER_STALE_DAYS (default 30 days). Uses statusUpdatedAt field; falls back to project creation date for legacy records.

⚠️
Quarterly  ·  Jan / Apr / Jul / Oct 1st
Uncompleted Projects

Assigned but incomplete projects past the quarter mark. Fires after REMINDER_UNCOMPLETED_DAYS (default 90 days), showing completion ratio completedCount/totalCount for each project.

# proj-alerts

🔔 SecurePM Bot · Mon 09:00
⏰ Unassigned Projects Reminder
2 projects have been unassigned for 7+ days:
  • PROJ-2026-042 — Acme Corp (12d)
  • PROJ-2026-039 — Beta Ltd / Partner Inc (9d)
🕒 Weekly reminder · Mon, 31 Mar 2026 01:00:00 GMT

🔔 SecurePM Bot · 1st 09:00
📋 Stale Assessment Stage Reminder
1 assessment has not advanced in 30+ days:
  • PROJ-2026-031 › Web App Pentest — ongoing (38d)
🕒 Monthly reminder · Tue, 1 Apr 2026 01:00:00 GMT
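The selection rules for the weekly and monthly reminders, as an added example (not the platform's own code). `hasAssigned`, `statusUpdatedAt` and the `REMINDER_*` variables come from the page; the `id`, `clientName`, `createdAt`, `assessments`, `type` and `status` fields are assumptions, as is reading "exceeds" as strictly greater than the threshold.

```javascript
// Added example, not the platform's code. Fields other than hasAssigned and
// statusUpdatedAt are assumed names; sample records below are constructed.
const DAY_MS = 24 * 60 * 60 * 1000;

// Read a threshold from the environment; fall back to the documented default
// when the variable is unset or not a positive integer.
function thresholdDays(name, fallback) {
  const n = Number.parseInt(process.env[name] ?? '', 10);
  return Number.isInteger(n) && n > 0 ? n : fallback;
}

const ageDays = (iso, now) => Math.floor((now - Date.parse(iso)) / DAY_MS);

// Weekly: hasAssigned=false and age over the limit, sorted oldest-first.
function unassignedReminder(projects, now, limit = thresholdDays('REMINDER_UNASSIGNED_DAYS', 7)) {
  return projects
    .filter((p) => p.hasAssigned === false)
    .map((p) => ({ id: p.id, client: p.clientName, age: ageDays(p.createdAt, now) }))
    .filter((r) => r.age > limit)
    .sort((a, b) => b.age - a.age);
}

// Monthly: assessments stuck in one of the two tracked stages.
const TRACKED = new Set(['ongoing', 'finding-report-released']);
function staleReminder(projects, now, limit = thresholdDays('REMINDER_STALE_DAYS', 30)) {
  const rows = [];
  for (const p of projects) {
    for (const a of p.assessments ?? []) {
      if (!TRACKED.has(a.status)) continue;
      // Legacy records have no statusUpdatedAt: use the project creation date.
      const age = ageDays(a.statusUpdatedAt ?? p.createdAt, now);
      if (age > limit) rows.push({ project: p.id, type: a.type, status: a.status, age });
    }
  }
  return rows; // an empty array means the reminder stays silent
}

const NOW = Date.parse('2026-03-30T01:00:00Z');
const SAMPLE = [
  { id: 'P-A', clientName: 'Client A', hasAssigned: false, createdAt: '2026-03-21T01:00:00Z' },
  { id: 'P-B', clientName: 'Client B', hasAssigned: false, createdAt: '2026-03-18T01:00:00Z' },
  { id: 'P-C', clientName: 'Client C', hasAssigned: false, createdAt: '2026-03-25T01:00:00Z' },
  { id: 'P-D', clientName: 'Client D', hasAssigned: true, createdAt: '2026-02-01T01:00:00Z',
    assessments: [
      { type: 'Web App Pentest', status: 'ongoing', statusUpdatedAt: '2026-02-20T01:00:00Z' },
      { type: 'Network VA', status: 'ongoing' }, // legacy record, no statusUpdatedAt
      { type: 'Source Review', status: 'complete', statusUpdatedAt: '2026-02-02T01:00:00Z' },
    ] },
];
```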

Ready to Streamline Your Security Operations?

One platform. Total visibility. From first brief to final report.
