Developer Docs

Documentation

Everything you need to deploy, configure, and get the most out of the EchelonGraph cloud security platform.

Quick StartAPI Reference

Get Started

🚀

Getting Started

Create your account, connect your cloud, and run your first scan in under 10 minutes.

  • Quick Start Guide
  • Connect AWS / GCP / Azure
  • Run Your First Scan
  • Invite Your Team
🔗

Integrations

Step-by-step guides for AWS, GCP, Azure, Okta SAML, OIDC, LDAP, and webhooks.

  • AWS IAM Role Setup
  • GCP Service Account
  • Azure App Registration
  • SSO & Webhook Setup
🔍

Scanning Tiers

Three tiers of visibility — agentless cloud scanning, network recon, and runtime telemetry.

  • Tier 1: EcheSky
  • Tier 2: EcheNet
  • Tier 3: EcheDeep
  • Comparison Matrix

Platform

📡

API Reference

REST API documentation — authentication, assets, blast radius, CVEs, alerts, compliance, and webhooks.

  • Authentication & Rate Limits
  • Assets & Cloud Accounts
  • Blast Radius & CVEs
  • Webhooks & Events
🏗️

Architecture

Platform architecture, data flow, tenant isolation, performance, and encryption.

  • Core Services
  • Data Flow Pipeline
  • Tenant Isolation
  • Performance & HA
☁️

Deployment

Deploy as SaaS, dedicated, or fully self-hosted with zero data egress.

  • SaaS / Dedicated / Self-Hosted
  • Kubernetes Support
  • Configuration
  • Self-Hosted Enterprise

Security & Compliance

🔒

Security

SSO, WebAuthn, MFA, RBAC, SCIM provisioning, encryption, and audit trail.

  • SSO & WebAuthn
  • MFA & RBAC
  • SCIM Provisioning
  • Encryption & Audit
📋

Compliance

17 frameworks (incl. NIST AI-RMF, EU AI Act, ISO 42001, MITRE ATLAS, OWASP LLM Top 10), live ≤30s re-scoring, evidence collection, and audit-ready reporting.

  • Supported Frameworks
  • SOC 2 & GDPR
  • Evidence Collection
  • Report Generation
🛡️

Data Sovereignty

Credential models, deployment options, BYOK encryption, and zero-egress self-hosted.

  • Credential Models
  • Self-Hosted Architecture
  • BYOK Encryption
  • Data Control

Enterprise

🏢

Tier 2 Self-Hosted Deployment

Deploy the Tier 2 scanner inside your infrastructure — Helm chart, Docker, BYOK encryption, air-gapped mode.

  • Installation (Helm & Docker)
  • Configuration Reference
  • Enterprise Features (License, BYOK)
  • Troubleshooting & Upgrading

Tier 3 Deployment & Customer Guide

Deploy the eBPF runtime agent on your cluster — zero-knowledge by design, BYOK KMS, cost vs. competitors, end-to-end security comparison.

  • Zero-Knowledge Architecture
  • Customer Responsibilities
  • Pricing & Cost Comparison
  • Security Comparison vs. Sysdig/Aqua/Falco/Wiz
🔓

Tier 3 ZK Decryption SDK Reference

Browser TypeScript SDK + Go SDK for customer-side decryption. AWS / GCP / Vault auth flows, error code reference, threat model.

  • Browser SDK (TypeScript)
  • Go SDK
  • Auth Flow per Provider
  • Wire Format & Threat Model
🩹

Auto-Remediation Architecture

Three deployment tiers (SaaS-side, Pull Request connector, agent-side full path), four delivery modes, and self-hosted GitHub Enterprise / GitLab support.

  • Tiers 1/2/3 Architecture
  • GitHub Enterprise Server (github.<corp>.com)
  • Self-hosted GitLab
  • Mode Decision Tree
  • Where Secrets Live