Security posture for firmware review
Microfirm is built to protect firmware artifacts and scan results while giving teams practical vulnerability evidence for review.
Team boundary
Team access controls protect scans, findings, exports, billing, invites, and webhooks.
Untrusted firmware
Firmware uploads are validated, stored privately with signed URLs, and processed by scanner paths that are separate from the web dashboard.
Private artifacts
Artifacts use private buckets, team-specific object paths, short-lived upload links, and automatic expiration metadata.
Verified callbacks
Stripe and customer webhook requests are verified before they update billing or deliver scan events.
Operational audit
Security-sensitive actions produce audit records without exposing secrets, raw tokens, or firmware contents.
Built-in controls
- Magic-link authentication with team onboarding
- Team roles for owners, admins, and reviewers
- Tenant-aware data access
- Verified Stripe webhooks for billing state
- Rate limiting for sensitive authentication and invite paths
- Audit logging for access, billing, invite, and scanner actions
- Private object storage for firmware artifacts