Firmware is untrusted input
Microfirm validates signed direct uploads, stores artifacts privately, and processes firmware through dedicated scanner paths.
Team separation
Team membership and workspace API tokens are the access boundaries for dashboards, billing state, scans, findings, exports, and webhooks.
Provider callbacks
Third-party callbacks such as Stripe webhooks are verified before they update workspace state, and customer webhook payloads are signed for recipient verification.
Need more help?
Contact support with the workspace name, invited email address, and route where the issue happened.
Email support