
Team visibility for every scan,
every developer

Self-hosted dashboard that aggregates security findings across all repositories and developers. Exception approval, compliance reports, and AI-powered deep analysis — running in your own infrastructure.

connecting to scd-server
$ scd configure --central-url http://scd.company.internal:3000
✔ Central URL configured
$ scd configure --token <api-token>
✔ Token saved
$ scd doctor
✔ CLI v1.4.0
✔ Git hooks active (pre-commit + pre-push)
✔ scd-server connected — team dashboard ready
Team (Premium) · 3 active developers · 4 repositories

From individual scans to
team security intelligence

scd-server picks up where the CLI leaves off: every developer's scans flow automatically to a central dashboard, without any code leaving your network. The one exception is the optional cloud Deep Analysis step, which sends a few lines of code to the Claude API and is described below.

📊

Team dashboard

All findings from all repositories and all developers in one place. Drill down by rule, repository, or developer. See which repos are improving and which need attention.

Aggregated view
📈

Trend analysis

12-week rolling view of your team's security posture. Track whether CRITICAL and HIGH findings are trending up or down over time. Evidence for management reporting and compliance audits.

12-week rolling
🧠

Knowledge gap analysis

Identifies which OWASP categories your team repeatedly introduces. Links directly to the Training Add-on — targeted learning based on actual findings, not generic curricula.

OWASP-mapped

Exception approval

Developers request risk acceptance by finding ID. Team leads review and approve or reject with a documented reason. Every decision tracked, hash-bound to the code — re-approval required if the code changes.

Audit trail
📋

CRA Compliance Report

Ready-made documentation for EU Cyber Resilience Act conformity assessments. Generated from real scan data — not a template. Printable to PDF for formal submissions.

CRA · NIS2
🔔

Notifications

In-dashboard inbox for all roles. Discord webhook and SMTP email for critical findings, license events, and team alerts. External channels receive summaries only — no file paths or internal detail.

Dashboard · Discord · Email

Documented risk decisions,
not commented-out code

Every risk acceptance is tracked by finding ID, hash-bound to the relevant code, and auditable — never buried in a comment that outlives its context.

👩‍💻

Developer

Runs scd accept <finding-id> --reason "...". Request pushed to scd-server.

📋

scd-server

Exception queued for review. Visible in team lead's dashboard inbox with full finding context.

👔

Team lead

Reviews finding, approves or rejects with a documented reason. Rejected exceptions include the fix requirement.

🔄

scd sync

Developer pulls the decision. Next scan shows approved exceptions as handled, rejected ones as requiring action.

If the code changes, the exception hash no longer matches and re-approval is required automatically.
  • Real issue or false positive? AI confirms whether the finding is an actual vulnerability or a pattern match without real risk
  • Attack scenario: a concrete description of how the vulnerability could be exploited in your specific context
  • Exact fix: a code-level fix suggestion for the specific finding, not generic advice
  • Local AI provider (coming soon): fully offline deep analysis that runs inside your network; nothing leaves
  • Cloud via Claude API: maximum analysis depth. Only the triggering line plus 8 lines of context are sent, never whole files

AI analysis that
respects your privacy

Deep Analysis runs inside scd-server — the CLI is just a transport layer. Every analysis result records code_left_environment, giving you a per-finding audit trail for compliance documentation.

AI providers are plugin-based: the cloud provider (Claude API) is available today, a local provider is coming, and the architecture allows additional providers to be integrated. As the ecosystem grows, new providers can be added without changes to the rest of your setup.

Triggered with scd scan --deep. Without scd-server, the flag prints a subscription prompt and exits cleanly — no functionality changes in the free tier.

Cloud: Claude API · Local AI provider (coming soon) · Plugin-based providers · code_left_environment: false

Your infrastructure,
your control

scd-server runs as a lightweight Node.js process on a VM inside your network. No scan data (findings, scan results, developer activity) ever reaches Activemind's servers; code leaves your network only if you enable the cloud AI provider for a repository, and then only the triggering line plus its context.

👨‍💻

Developer

Runs scd scan. Results stored in ~/.scd/ and queued for push.

📡

Push queue

Findings pushed to scd-server automatically. Works offline — queue flushes on reconnect.

🖥️

scd-server

Your VM, your network. SQLite database. Dashboard on :3000. No cloud dependency for core features.

🤖

AI (optional)

Claude API — available today, controlled per-repo by trust level.

Coming soon — Local AI provider, running fully inside your network.

Apart from the optional cloud AI provider, the only external connection is a 24-hour license heartbeat to api.securecodebydesign.com, documented in the integrity manifest.

One configuration.
Every developer connected.

Once scd-server is running inside your infrastructure, each developer connects their CLI with two commands: one sets the central URL, the other the API token. After that, every scan is pushed automatically, with no manual steps; scd sync --history is a one-time extra that pushes scan history recorded before the server existed.

Use scd doctor to verify the connection at any time. If the server is temporarily unreachable, the push queue holds events and flushes automatically when connectivity is restored. The examples use a plain http:// URL on an internal network; since the API token authenticates every push, keep scd-server on a trusted network segment or place a TLS-terminating proxy in front of it.

Full setup guide in docs →
developer setup
# Point the CLI at your scd-server
$ scd configure --central-url http://scd.internal:3000
# Authenticate with your API token
$ scd configure --token <token-from-admin-ui>
# Push any existing scan history
$ scd sync --history
# Verify everything is connected
$ scd doctor

Ready to give your team
full visibility?

Contact Activemind to discuss setup, pricing, and a guided onboarding for your team. The first month includes an onboarding workshop.

Pilot pricing available for the first five customers. Ask about founder pricing.