Find the Info You Need
FAQ
Everything you need to know about Eureka
Product & Features
Eureka is an Application Security Posture Management (ASPM) platform that helps development teams scan, prioritize, and track security vulnerabilities. We aggregate findings from multiple security scanners, map them to OWASP ASVS for prioritization, and provide a unified view of your application security posture.
Eureka is purpose-built for development teams in regulated industries (healthtech, fintech, insurtech, govtech) who are implementing application security for the first time or preparing for their first compliance audit.
You’re a great fit if:
- You don’t have an established AppSec program or scanning tools in place
- You’re preparing for SOC 2, HIPAA, or PCI compliance
- Customer security questionnaires are blocking your deals
- You need scanning tools and structure but don’t know where to start
- You want something simpler and more affordable than enterprise tools like Snyk or Veracode
You’re probably not a fit if:
- You have a mature AppSec program with established processes
- You need advanced features like threat modeling or automated remediation (coming 2025-2026)
- You require on-premises deployment (we offer cloud-based hybrid deployment only)
Note: Eureka provides the scanning tools, OWASP ASVS structure, and evidence tracking—but someone on your team still needs to review findings and coordinate fixes. We don’t eliminate the need for security review, we make it more efficient.
If you’re unsure, [schedule a demo] and we’ll help you determine if Eureka is right for your team’s stage and needs.
Eureka supports multiple scanner types:
Built-in (included):
- Static Analysis (SAST): OpenGrep
- Software Composition Analysis (SCA): DepScan, Grype
- Secrets Detection: GitLeaks
Bring your own license:
- Veracode SAST and SCA
- Semgrep SAST
- SonarQube SAST
- Snyk SCA
All findings are aggregated, correlated, and mapped to OWASP ASVS categories.
OWASP Application Security Verification Standard (ASVS) is the industry standard framework for application security requirements. Eureka uses AI to automatically map every vulnerability to ASVS categories (like authentication, session management, access control), so you know which security domains are affected and can prioritize fixes based on risk rather than just severity scores.
For a complete walkthrough of how to set up Eureka, please see our onboarding video.
Eureka helps you demonstrate continuous vulnerability management for compliance frameworks like SOC 2, HIPAA, and PCI-DSS. You can:
- Track what you’ve scanned, found, and fixed
- Maintain an audit trail of vulnerability states
- Export vulnerability reports to PDF
- Show auditors your security scanning processes
Note: Eureka provides evidence of vulnerability management but doesn’t guarantee compliance on its own.
Currently, Eureka provides vulnerability listings with filtering, sorting, and state management. You can export vulnerability lists to PDF for documentation. Advanced dashboards and customizable reports are planned for future releases.
Yes. Eureka aggregates results from multiple scanners and correlates related vulnerabilities to reduce duplicate findings and provide a clearer picture of your security posture.
Integration with Jira, GitHub Issues, and Azure DevOps Boards is planned for Q2 2025. Currently, you manage vulnerability states within Eureka and can export findings to PDF.
Eureka DevSecOps Solution is a managed service that helps organizations make the security practices required to build and operate secure software part of their DNA. The service combines practices, processes, training, and secure software development life cycle (SDLC) requirements to help you produce more secure software.
Combining the Eureka DevSecOps Platform and Service gives you the people, processes, and technology needed to achieve your secure application development and compliance goals, such as those recently introduced by the US government for developing secure software.
To learn more about Eureka DevSecOps Service, please visit our dedicated webpage.
Getting Started
- Sign up for a free 30-day trial (no credit card required)
- Connect your GitHub account using OAuth
- Select repositories to scan
- Add the Eureka Radar CLI to your CI/CD pipeline or use our GitHub Action
- Configure your scanners and run your first scan
- Review ASVS-mapped results in the Eureka platform
Eureka Radar CLI is our open-source scanning orchestration agent. It’s an npm-installed tool that launches security scanners as Docker containers in your CI/CD pipeline and aggregates results. The CLI is free and available on GitHub. The Eureka platform (paid) provides the web UI, ASVS mapping, correlation, and tracking features.
Yes, you need to add the Eureka Radar CLI to your CI/CD pipeline. You can:
- Install it via npm and configure it in your pipeline
- Use our pre-built GitHub Action from the GitHub Marketplace (for GitHub Actions)
The Radar CLI runs scanners as Docker containers, so your CI/CD environment needs to support npm and Docker.
Eureka Radar CLI works in any CI/CD platform that supports npm and Docker. We provide tested configurations and setup guides for:
- GitHub Actions
- Azure DevOps Pipelines
- Jenkins
- GitLab CI
- TeamCity
- CircleCI
- Bitbucket Pipelines
Yes, you can run Eureka Radar CLI manually from the command line to scan your code. However, the primary value comes from automated scanning integrated into your CI/CD workflow.
Pricing & Billing
Eureka costs $25 per active contributing user per month. An active contributing user is anyone who commits code to the repositories you’re scanning during the billing period. Read-only users and viewers are not charged.
We offer:
- Monthly billing at $25/user/month
- Annual billing with 10% discount ($270/user/year)
- 30-day free trial with no credit card required
The Eureka Radar CLI is free and open source. It provides command-line scanning orchestration with SARIF output but no web UI, ASVS mapping, correlation, or tracking features. The full Eureka platform with all features requires a paid subscription.
Everything:
- Built-in open-source scanners (SAST, SCA, secrets)
- Commercial scanner integration (bring your own licenses)
- AI-powered OWASP ASVS mapping
- Unified vulnerability view with correlation
- Native GitHub integration
- Eureka Radar CLI and GitHub Action
- PDF export and audit trail
- Email and community support
There’s only one plan – all features are included.
Yes, you can cancel your subscription at any time. If you’re on a monthly plan, you won’t be charged for the following month. If you’re on an annual plan, you’ll have access until the end of your paid period.
Security & Privacy
Vulnerability data is stored securely in cloud infrastructure. We use industry-standard encryption for data at rest and in transit. Your source code is not stored by Eureka – only vulnerability findings and metadata are stored in the platform.
Eureka uses AI (powered by OpenAI’s API) for:
- OWASP ASVS mapping of vulnerabilities
- Enhanced vulnerability descriptions
We implement AI in a secure, privacy-preserving manner. Vulnerability data sent to AI services is anonymized and does not include your source code.
Eureka orchestrates security scanners that analyze your code in your own CI/CD environment. The scanners run in your infrastructure and send only the vulnerability findings (not your source code) to the Eureka platform.
Eureka is currently working toward SOC 2 compliance. While we implement security best practices and can help you demonstrate your own vulnerability management for compliance, we do not yet have our own SOC 2 certification.
Support
All Professional plan subscribers receive:
- Email support
- Comprehensive documentation and setup guides
- Community support via GitHub (for Radar CLI)
Response times:
- Email support: 24-48 hours on business days
- Documentation: Self-service, available 24/7
For complex deployments or custom integration needs, we can connect you with our professional services partners. Contact us at [email protected] to discuss your requirements.
Email us at [email protected] or open an issue on our GitHub repository for Radar CLI-related requests.
Technical
Eureka supports vulnerabilities from scanners that cover 30+ languages including:
- Java, JavaScript/TypeScript, Python
- C#, .NET, C/C++
- Go, Ruby, PHP, Kotlin
- And many more depending on the scanners you use
Language support depends on which scanners you’ve configured. Our built-in scanners (OpenGrep, DepScan, Grype) support the most common languages and frameworks.
Yes. You can configure multiple repositories within a single product in Eureka. Each repository can be scanned independently, and findings are aggregated at the product level.
Yes. You can update vulnerability states (e.g., mark as false positive, accepted risk, fixed) and filter/sort vulnerabilities by severity, ASVS category, status, and scanner type.