Help Center

Frequently Asked Questions

Everything you need to know about ShieldOps AI: how it scans Dockerfiles, what it finds, how pricing works, and how it keeps your data secure.

What is ShieldOps AI?
ShieldOps AI is a DevSecOps platform that scans Dockerfiles, Docker images, and Kubernetes manifests in under 60 seconds. It detects vulnerabilities, misconfigurations, hardcoded secrets, and license risks, then generates an SBOM (Software Bill of Materials) and AI-powered fixes. Built in Cairo, trusted by DevOps and security teams worldwide.
Is ShieldOps AI free to use?
Yes. The Free tier gives you 5 scans per day, full Dockerfile analysis, CVE detection, and SBOM export (CycloneDX + SPDX) with no credit card required. Paid plans start at $19/month per developer for unlimited scans, CI/CD integration, Kubernetes manifests, and team collaboration features.
What is SBOM and why do I need it?
A Software Bill of Materials (SBOM) is a machine-readable inventory of every package, library, and base layer inside your container image. ShieldOps AI auto-generates SBOMs in CycloneDX and SPDX formats, which are required by Executive Order 14028, the EU Cyber Resilience Act, and most enterprise procurement policies. It is also the fastest way to answer "are we affected by CVE-2024-XXXX?" during an incident.
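The incident lookup described above, as an added example (not ShieldOps AI code or output): it walks a CycloneDX JSON SBOM, including nested components, and lists the components of one package that fall inside an affected version range. The SBOM, the package name `examplelib`, and the version range are constructed for illustration, and versions are assumed to be dotted-numeric; anything else is returned for manual review.

```python
import json

# Constructed CycloneDX-style SBOM; package names and versions are made up.
SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "library", "name": "examplelib", "version": "1.4.2",
   "purl": "pkg:pypi/examplelib@1.4.2"},
  {"type": "library", "name": "examplelib", "version": "1.6.0",
   "purl": "pkg:pypi/examplelib@1.6.0"},
  {"type": "library", "name": "examplelib", "version": "2:1.4.2-1"},
  {"type": "library", "name": "otherlib", "version": "1.5.0",
   "purl": "pkg:pypi/otherlib@1.5.0"},
  {"type": "application", "name": "web", "version": "2.0.0", "components": [
    {"type": "library", "name": "examplelib", "version": "1.5.9",
     "purl": "pkg:npm/examplelib@1.5.9"}]}
]}
""")


def parse_version(text):
    """Dotted-numeric versions only; None for anything else (epochs, suffixes)."""
    try:
        return tuple(int(part) for part in text.split("."))
    except (AttributeError, ValueError):
        return None


def walk(components):
    """Yield every component, including ones nested under another component."""
    for comp in components or []:
        yield comp
        yield from walk(comp.get("components"))


def find_affected(sbom, name, introduced, fixed):
    """Split components named `name` into (affected, needs_review).

    affected: introduced <= version < fixed. needs_review: version could not
    be parsed, so it is surfaced for a human instead of being dropped.
    """
    low, high = parse_version(introduced), parse_version(fixed)
    affected, needs_review = [], []
    for comp in walk(sbom.get("components")):
        if comp.get("name") != name:
            continue
        ident = comp.get("purl") or f"{comp['name']}@{comp.get('version')}"
        version = parse_version(comp.get("version"))
        if version is None:
            needs_review.append(ident)
        elif low <= version < high:
            affected.append(ident)
    return affected, needs_review
```

Matching on name alone crosses ecosystems (the sample deliberately mixes `pypi` and `npm` purls), so a real lookup should also compare the purl type against the advisory's ecosystem.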
How does ShieldOps AI scan a Dockerfile?
Paste your Dockerfile into the web app or connect your GitHub/GitLab repo. The scanner runs a multi-layer analysis: (1) Base image CVE check against NVD, GHSA, and vendor advisories updated every 6 hours; (2) Dockerfile best-practice lint (NIST SP 800-190, CIS Docker Benchmark); (3) Hardcoded secret detection (50+ patterns); (4) License compliance scan; (5) AI-generated fixes you can copy with one click. Average scan time is 38 seconds.
Does ShieldOps AI support Kubernetes manifests?
Yes. On Pro and Team plans, you can paste or upload Kubernetes manifests (Deployment, StatefulSet, Pod, Service, Ingress, NetworkPolicy) and ShieldOps AI will check for: privileged containers, hostPath mounts, missing resource limits, missing securityContext, image pull policy mistakes, exposed secrets, and CIS Kubernetes Benchmark violations. Manifest scanning is included free during the 2026 launch year.
What compliance frameworks does ShieldOps AI support?
ShieldOps AI checks your containers against: NIST SP 800-190 (Application Container Security Guide), CIS Docker Benchmark v1.6, CIS Kubernetes Benchmark v1.8, SOC 2 (CC6.1, CC7.1, CC7.2), ISO 27001 (A.14.2.4, A.14.2.5), PCI DSS 4.0 (Requirement 6.3.3), HIPAA Security Rule (164.312), and the EU Cyber Resilience Act. Reports are exportable as PDF and JSON for auditors.
How is my data handled and stored?
Your Dockerfiles and scan results are encrypted in transit (TLS 1.3) and at rest (AES-256). We never share your code with third parties. Paid plans offer data residency in the EU (Frankfurt) or US (Virginia). You can delete all scan history at any time from Settings, and we purge inactive accounts after 90 days. ShieldOps AI is SOC 2 Type II certified and GDPR compliant.
Can I integrate ShieldOps AI with my CI/CD pipeline?
Yes. ShieldOps AI provides: (1) An official GitHub Action (shieldops-ai/scan-action) that blocks PRs with critical CVEs; (2) A GitLab CI template; (3) A Bitbucket Pipelines snippet; (4) A Docker CLI wrapper (shieldops scan) for any CI system; (5) A REST API + webhooks for Slack, Microsoft Teams, PagerDuty, and Jira. Setup takes under 5 minutes.
How accurate are the vulnerability scans?
ShieldOps AI aggregates data from 9 authoritative sources: NVD, GitHub Security Advisories, OSV, Snyk, Trivy, Aqua, Docker Official Images, Alpine SecDB, and Debian Security Tracker. We deduplicate findings and rank them by EPSS exploit prediction; the false-positive rate is below 4.2% (measured across 2.3M scans in 2025). Every CVE is linked to its primary source so you can verify independently.
What's the difference between Pro and Team plans?
Pro ($19/dev/month) is built for individual developers and includes unlimited scans, 1 connected Git repo, Kubernetes manifest scanning, CI/CD integrations, and 30-day scan history. Team ($49/dev/month) adds: unlimited connected repos, team-wide dashboards, role-based access control (RBAC), SSO via SAML 2.0, audit logs, priority support (4-hour SLA), and unlimited scan history with CSV/SIEM export.

Last updated: January 2026 · 10 questions and answers