ThreatWeaver supports two deployment models to meet different security, compliance, and operational requirements.
Deployment Comparison
| | SaaS (Cloud-Hosted) | On-Premises (Dedicated) |
|---|---|---|
| Hosted by | BluCypher (managed infrastructure) | Customer's infrastructure |
| Setup time | Same day -- account provisioned in minutes | 1--2 weeks (infrastructure + configuration) |
| Data location | BluCypher-managed cloud (Render + Supabase) | Customer's own data center or private cloud |
| Updates | Automatic -- always on the latest version | Customer-managed update schedule |
| Multi-tenant | Yes -- schema-per-tenant isolation | Single-tenant (one customer per instance) |
| Infrastructure management | None -- BluCypher handles everything | Customer manages servers, database, backups |
| Ideal for | Most organizations, MSSPs, fast deployment | Regulated industries, government, air-gapped networks, strict data residency |
| Database | PostgreSQL (Supabase, managed) | PostgreSQL (customer-managed) |
| Cost model | Subscription (predictable monthly/annual) | License fee + customer infrastructure costs |
SaaS Deployment (Recommended)
The SaaS deployment is the fastest path to value. BluCypher manages all infrastructure, and customers access ThreatWeaver through a web browser.
What Is Included
- Full platform access -- all modules based on license tier
- Managed infrastructure -- backend, database, caching, and AI services
- Automatic updates -- new features and security patches deployed continuously
- Multi-tenant isolation -- each customer gets a dedicated database schema with row-level security
- 99.9% uptime SLA (Enterprise tier)
- Encrypted data at rest and in transit -- AES-256 and TLS 1.2+
Setup Timeline
| Step | Duration |
|---|---|
| Account provisioning | Minutes |
| Tenant configuration (modules, users, branding) | 1--2 hours |
| Tenable.io sync setup (if using Exposure Management) | 30 minutes |
| First AppSec scan | 15 minutes after target configuration |
| Full onboarding with training | 1--2 business days |
Data Residency
SaaS data is hosted in the BluCypher cloud environment. For customers with specific data residency requirements (EU, Australia, specific regions), on-premises deployment provides full control over data location.
On-Premises Deployment (Dedicated)
The on-premises option deploys ThreatWeaver entirely within the customer's infrastructure. All data stays inside their network boundary.
What Is Required
| Component | Requirement |
|---|---|
| Server | Linux server (Ubuntu 20.04+ or equivalent) with 4+ CPU cores, 16+ GB RAM |
| Database | PostgreSQL 14+ |
| Runtime | Node.js 18+ |
| Network | Outbound HTTPS for AI features (optional) and license validation |
| Docker | Required for distributed scan sensors |
Setup Timeline
| Step | Duration |
|---|---|
| Infrastructure provisioning | 2--5 business days (customer responsibility) |
| ThreatWeaver installation and configuration | 1--2 business days (BluCypher engineering support) |
| Database migration and seeding | 1--2 hours |
| Tenable.io integration setup | 30 minutes |
| User provisioning and SSO configuration | 1--2 hours |
| Training and validation | 1--2 business days |
| Total | 1--2 weeks |
Offline Capabilities
- All scanning, vulnerability management, and reporting functions work without internet
- AI Labs features (fix plans, executive summaries) require outbound access to an LLM provider (Anthropic or OpenAI) -- or a locally-hosted LLM (roadmap)
- License validation requires periodic outbound connectivity
Distributed Scan Sensors
Both deployment models support distributed scan sensors for testing applications inside private networks.
How It Works
- Sensors deploy as Docker containers inside the customer's network
- Communication is outbound-only via encrypted WebSocket tunnels (port 443)
- No inbound firewall rules or VPN required
- Sensors receive scan instructions from the platform and return results
- Enrollment uses cryptographically signed tokens with per-tenant scoping
Sensor Use Cases
| Scenario | How Sensors Help |
|---|---|
| Scanning staging environments | Deploy a sensor in the staging VPC; scan pre-production apps before release |
| Private API testing | Test internal APIs that are not internet-accessible |
| MSSP client scanning | Each MSSP client gets a dedicated sensor in their network |
| Compliance-driven scanning | Data never leaves the customer's network -- only finding metadata is transmitted |
Support Tiers
| | Starter | Pro | Enterprise |
|---|---|---|---|
| Email support | Business hours | Business hours | 24/7 |
| Response time (critical) | 24 hours | 8 hours | 2 hours |
| Response time (standard) | 72 hours | 24 hours | 8 hours |
| Dedicated CSM | No | No | Yes |
| Onboarding assistance | Documentation | Guided setup call | Dedicated onboarding engineer |
| Training | Self-service docs | 2 training sessions | Unlimited training sessions |
| SLA | Best effort | 99.5% uptime | 99.9% uptime |
| Custom integrations | Not included | Limited | Included |
| Quarterly business reviews | No | No | Yes |
Integration Options
ThreatWeaver integrates with existing security and IT operations tooling.
Vulnerability Data Sources
| Integration | Direction | Purpose |
|---|---|---|
| Tenable.io | Inbound sync | Asset and vulnerability data import |
Ticketing and Workflow
| Integration | Direction | Purpose |
|---|---|---|
| Jira | Bi-directional | Create and track remediation tickets |
| ServiceNow | Bi-directional | Create and track remediation tickets |
Notification and Alerting
| Integration | Direction | Purpose |
|---|---|---|
| Slack | Outbound | Scan completion and finding alerts |
| Microsoft Teams | Outbound | Scan completion and finding alerts |
| PagerDuty | Outbound | Critical vulnerability escalation |
| Email (SMTP) | Outbound | Notification delivery |
| Custom Webhooks | Outbound | Any HTTP endpoint for event-driven automation |
CI/CD Pipeline
| Integration | Direction | Purpose |
|---|---|---|
| GitHub Actions | Bi-directional | Trigger scans, receive results, gate pipelines |
| GitLab CI | Outbound | Pipeline correlation |
| Generic CI/CD | Outbound | Webhook-based scan triggering |
Identity Providers
| Integration | Direction | Purpose |
|---|---|---|
| SAML/SSO | Inbound | Single sign-on authentication |
| Active Directory | Inbound | Identity risk assessment (Identity Security module) |
| Entra ID (Azure AD) | Inbound | Identity risk assessment |
| Okta | Inbound (planned Q3 2026) | Identity risk assessment |
| Google Workspace | Inbound (planned Q3 2026) | Identity risk assessment |
| Format | Use Case |
|---|---|
| PDF | Executive reports, compliance documentation |
| HTML | Styled reports for stakeholder distribution |
| JSON | Machine-readable data for custom tooling |
| SARIF 2.1.0 | GitHub Code Scanning integration |
| CSV | Spreadsheet analysis and custom reporting |
Frequently Asked Questions
Q: Can we start with SaaS and move to on-premises later?
Yes. Your data can be exported and migrated to an on-premises instance. BluCypher provides migration assistance for Enterprise customers.
Q: Can scan sensors work without internet access?
Sensors need outbound connectivity to the ThreatWeaver platform (SaaS or on-premises instance). They do not need direct internet access -- only access to the ThreatWeaver backend endpoint.
Q: What happens if the SaaS platform is down?
Scan sensors continue queued work locally and sync results when connectivity is restored. Enterprise tier includes a 99.9% uptime SLA.
Q: Can we host in our own cloud (AWS/Azure/GCP)?
Yes. The on-premises deployment option supports customer-managed cloud infrastructure. BluCypher provides deployment documentation and engineering support.
Q: What is the minimum deployment for evaluation?
SaaS deployment with a Pro trial -- fully functional, no infrastructure setup required, available same day.