Skip to content

Security posture for firmware review

Microfirm is built to protect firmware artifacts and scan results while giving teams practical vulnerability evidence for review.

Team boundary

Team access controls protect scans, findings, exports, billing, invites, and webhooks.

Untrusted firmware

Firmware uploads are validated, stored privately with signed URLs, and processed by scanner paths that are separate from the web dashboard.

Private artifacts

Artifacts use private buckets, team-specific object paths, short-lived upload links, and automatic expiration metadata.

Verified callbacks

Stripe and customer webhook requests are verified before they update billing or deliver scan events.

Operational audit

Security-sensitive actions produce audit records without exposing secrets, raw tokens, or firmware contents.

Built-in controls

  • Magic-link authentication with team onboarding
  • Team roles for owners, admins, and reviewers
  • Tenant-aware data access
  • Verified Stripe webhooks for billing state
  • Rate limiting for sensitive authentication and invite paths
  • Audit logging for access, billing, invite, and scanner actions
  • Private object storage for firmware artifacts