Turn security chaos into business-ready action.
HenKaiPan centralizes scans, findings, vulnerability intelligence, policy automation and AI-assisted remediation in one platform built for modern engineering and security teams.
See it in action
Explore the platform through screenshots of each core module.
Unified Dashboard
Real-time metrics, severity distribution and project-level risk overview.
Automated Scans
Scanner execution with queued queued job processing.
Finding Lifecycle
Triage workflow with SLA deadlines, ownership and status tracking.
Vulnerability Inventory
Grouped CVE view with affected assets and cross-project visibility.
Knowledge Center + AI
Curated guides and AI-generated remediation articles.
Executive Reports
Trends, risk scores and SLA compliance for leadership reviews.
Compliance Readiness
SOC 2 / ISO 27001 controls, evidence exports and audit logs.
Audit Log
Complete change history with who, what and when for every action.
Everything you need to ship securely
A complete security operations platform — from scan execution and finding management to policy automation, AI assistance and executive reporting.
Unified Dashboard
Single-pane visibility into your security posture with real-time metrics, severity distribution and recent activity.
- check_circleHealth metrics and trend visualization
- check_circleProject-level risk overview
Automated Scans
Scanner execution with queued queued job processing.
Finding Lifecycle
Correlated findings with credibility scores, SLA deadlines, triage workflow and status tracking.
Vulnerability Inventory
Grouped CVE view with affected assets and cross-project visibility.
Knowledge Center + AI
Curated remediation guides and AI-generated articles for faster triage and developer enablement.
- check_circleAI-powered remediation generation
- check_circleRule-specific guidance cache
- check_circleFinding summaries for repeats
Executive Reports
Trends, risk scores and SLA compliance metrics ready for leadership reviews.
Compliance Readiness
SOC 2 and ISO 27001 starter mode with control mapping, evidence exports and audit logs.
- check_circleFramework control mapping
- check_circleEvidence-friendly exports
- check_circleRisk acceptance workflow
Policy Automation
Auto-triage rules and suppression policies to reduce noise and enforce security standards.
Teams & Permissions
Role-based access control with users, teams and granular permissions.
Correlation + AI validation
Scanners don't work in isolation. HenKaiPan groups scans into batches, cross-references findings from the same scanner family, then applies AI validation to boost confidence and filter out false positives.
Scan Batching & Correlation
When you run a scan, multiple scanners of the same family execute together. Their findings are automatically correlated within the same batch to identify corroborated issues.
- check_circleSAST findings cross-referenced with SAST, secrets with secrets
- check_circleConfidence score increases with each corroborating scanner
- check_circleNo penalty when peers don't match — only positive corroboration
AI Validation Layer
After correlation, AI analyzes corroborated findings to estimate false-positive likelihood and assign a final credibility score.
Noise Reduction
Correlation + AI together dramatically reduce alert fatigue by surfacing only the most credible findings.
Built for security-conscious teams
Whether you're a small engineering team getting serious about security, or a security lead needing executive visibility — HenKaiPan adapts to your workflow.
Small Engineering Teams
Get security visibility without enterprise overhead. Set up your first project, run scans and start triaging findings in under 10 minutes.
- check_circleFast onboarding and setup
- check_circleOpinionated defaults that work
- check_circlePath to SOC 2 / ISO 27001 readiness
Security Leads
Executive dashboards, SLA tracking and compliance exports give you the credibility and visibility to drive security initiatives.
- check_circleExecutive-ready reporting
- check_circleAudit logs and evidence exports
- check_circleRisk acceptance workflow
Simple, transparent pricing
Start with the free self-hosted edition — no license key needed. Upgrade to cloud when you're ready for more.
Self-Hosted
Core ASPM on your infrastructure. Free forever — no license key required.
- check_circleAll scanner types — SAST, SCA, Secrets, IaC, DAST
- check_circleUnified dashboard & findings management
- check_circleVulnerability inventory
- check_circleKnowledge center + AI summaries (Ollama, free)
- check_circleBasic triage workflow
- check_circleDocker Compose & Kubernetes
- check_circleCommunity support
Pro Cloud
Managed SaaS — just sign in and go.
- check_circleZero infrastructure to manage
- check_circleAI remediation & summaries
- check_circleExecutive reports & trends
- check_circleIntegrations — Slack, GitHub, Jira
- check_circleScan scheduling & automation
- check_circleEmail notifications
- check_circlePriority support
For organizations
Full platform with advanced governance and dedicated support.
- check_circleEverything in Pro Cloud
- check_circlePolicies & auto-triage
- check_circleCompliance readiness (SOC 2, ISO 27001)
- check_circleAudit log & risk acceptance
- check_circleTeams & permissions
- check_circleSSO / SAML
- check_circleDedicated support
Open source projects?
HenKaiPan offers free licenses for open source projects. Send your request to [email protected] with details about your project.
SAST, SCA, secrets, IaC, DAST and container scanning unified.
Dashboard, scans, findings, vulns, knowledge, reports, compliance and more.
Ollama (free), OpenRouter, Cloudflare. Summaries free; remediation requires license.
Cloud SaaS, Docker Compose, or Kubernetes for production.
Ready to secure your applications?
Get a personalized demo and see how HenKaiPan can transform your security workflow.