Skip to content

Security model

How Microfirm treats firmware, tenancy, webhooks, and audit events.

Firmware is untrusted input

Microfirm validates signed direct uploads, stores artifacts privately, and processes firmware through dedicated scanner paths.

Team separation

Team membership and workspace API tokens are the access boundaries for dashboards, billing state, scans, findings, exports, and webhooks.

Provider callbacks

Third-party callbacks such as Stripe webhooks are verified before they update workspace state, and customer webhook payloads are signed for recipient verification.

Need more help?

Contact support with the workspace name, invited email address, and route where the issue happened.

Email support