Skip to content

How it Works

Security Reference Architectures Delivered as-Code

Automatically validate application architectures and designs as they’re being built with oak9.

Create, Apply, and Enforce Security Policies Automatically

oak9 Security as Code allows you to design, test, and deploy complex security reference architectures as-code, in your choice of programming languages, IaC’s, and cloud/multi-cloud environments.

Dynamic Security Delivered as-Code
Version controlled, modular, extensible, and automated. Apply security dynamically as your application changes, embedding intelligence natively in your developer workflows. Design, tailor, enforce, and scale security without the complexity.

Apply oak9 Pre-Built Security as Code Blueprints
Validate your application’s entire architecture against a comprehensive catalog of industry security reference architectures codified in oak9’s Security as Code framework. Immediately align with CSA, NIST, CIS, AWS, Azure and GCP best practices. Save 100’s of work hours building static policies in specialized languages.

Extend oak9 Security as Code Blueprints with Tython SDK
Quickly customize blueprints in Tython, the first open-source Security as Code framework and SDK. Use the programming languages, clouds, and IaCs you want. No more building and managing costly rules. Build and enforce security policies consistently across every workload.

Join the Community and Get Started
In less than 5 minutes integrate a project and start remediating the security of your application’s architecture. Sign up for oak9 Community Edition (free), get started with Tython, run a test, and publish to contribute to industry security best practices. Voila!

Remove Complexity, Scale Security


Security at Scale

Tailored guidance based on your application architecture and context.


Security Design Validation

A detailed meta-model of your environment to assess and fix gaps.


Multi-Cloud Environments

Choose your tech stacks, cloud service providers, and cloud native capabilities.


Open-Source Framework and SDK

Use the programming and IaC languages, or any combination thereof, you want.


Security Reference Architectures as-Code

Manage the lifecycle of your security reference architectures as-code.

Ditch Tedious Static Security Rules

Define security reference architectures as-code in the IaC and programming language you want. Instead of static policies, validate architectural properties and propose architectural changes.

Consistency, Repeatability, Version Control

Apply security consistently across multi-cloud environments, help security teams scale and force multiply.

Start Left, Then Shift Security Right
Ensure security is completely baked in starting with architecture design, across every development lifecycle stage.

A Security Architect in Your Pocket
Automated security feedback and remediation embedded as you build, test, and deploy cloud workloads.

Scale Security, Reduce Complexity
Secure large heterogenous technology environments to quickly scale security and force multiply.

Whiteboard Video

How oak9 Security as Code Blueprints Work

No cloud native workload is that simple. Context matters. Assess security holistically by analyzing all the resources of your cloud architecture and how they’re described.

Build + Test

Scale Cloud Native Security Across Applications

oak9 is a centralized pane of glass to manage the entire security and compliance of every workload rather than having point-policies across the board. Purpose-built to support multi-cloud environments so that your organization’s security policies are applied consistently to all cloud workloads, regardless of programming language, Infrastructure as Code languages, and clouds.