👋 New here? Take the 5-step tour — fleet to live findings in under 5 min.
Start tour

🔔 Recent activity

Loading…

Vendor risk

Track third-party vendors (cloud providers, SaaS, hardware suppliers, MSPs) and their security attestations. Auditors care about fourth-party risk; SOC 2 CC9 and ISO 27001 A.5.19 / A.5.20 / A.5.22 ask for it explicitly.

Total vendors
High residual
Critical residual
Expiring < 60d
VendorCategoryCriticality ResidualAttestations
Loading...

Trust note: vendor records live in $SC_DATA_DIR/vendor_risk.json — local file, never transmitted.