Single-tenant deployment
The product is delivered as a Docker Compose stack the customer runs on their own infrastructure. There is no managed SaaS version.
Compliance On Demand is built for teams that cannot put scan credentials, compliance evidence or generated documents into a multi-tenant SaaS control plane. The customer runs the stack, pins releases and keeps evidence inside their own boundary.
What this page covers
Run compliance, posture scans, vendor risk, local AI and audit evidence inside a single-tenant deployment you control.
Policy drafting, report generation and questionnaire support can use the bundled Ollama and Gemma option instead of a third-party LLM.
Offline release bundles, air-gapped mode and offline licence attestations support controlled or disconnected environments.
Operational proof
These are the concrete operating claims this page should support in search results, sales calls and evaluator conversations.
Cloud credentials and generated documents stay on customer hosts
Images are cosign-signed and releases can be pinned to an exact version
SPDX SBOMs support supply-chain review
Diagnostics and backup tooling are designed for self-hosted operations
Questions
No. Compliance On Demand is designed as a self-hosted single-tenant product so sensitive assurance data remains in the customer's boundary.
Yes. The product supports air-gapped mode, offline release bundles and offline licence attestations for controlled deployments.
Product briefing
Share your deployment boundary, frameworks and evidence workflow, and we will talk through fit without generic compliance theatre.