mirror of
https://github.com/KeygraphHQ/shannon.git
synced 2026-07-04 20:28:02 +02:00
docs: extend Keygraph company/platform disambiguation to docs and llms mirrors
Apply the same convention from the README pass across the rest of the repo content so the company and the product are never conflated: company -> "Keygraph", commercial product -> "the Keygraph platform".

- docs/keygraph-platform.md: retitle "# Keygraph" -> "# Keygraph Platform" and refer to the product as "the Keygraph platform" throughout (the page is the platform overview, not a company page).
- docs/coverage-roadmap.md, docs/safety.md: product references updated; the "Keygraph is not responsible for misuse" line stays as the company.
- llms.txt / llms-full.txt: kept in sync with the README and docs they mirror, so the combined-context files don't reintroduce the conflation.

No filenames changed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@@ -20,4 +20,4 @@ This reduces speculative noise, but it also means Shannon does not aim to report
|
||||
|
||||
Planned coverage areas should continue to live in the repository's canonical roadmap document if one exists. The README should link to that document rather than carrying detailed roadmap history inline.
|
||||
|
||||
For organizations that need broader static and organizational coverage now, see [Keygraph](keygraph-platform.md).
|
||||
For organizations that need broader static and organizational coverage now, see [the Keygraph platform](keygraph-platform.md).
|
||||
|
||||
+10
-10
@@ -1,12 +1,12 @@
|
||||
# Keygraph
|
||||
# Keygraph Platform
|
||||
|
||||
Keygraph is the commercial continuous pentesting and AppSec platform for teams running security across many repositories, services, and environments. While Shannon is a local white-box pentesting CLI, Keygraph is a full platform: it combines parsed-code SAST, source-to-sink analysis, black-box and white-box agentic pentesting, verified remediation, CI/CD gating, SLA tracking, and reporting for security and compliance teams.
|
||||
The Keygraph platform is Keygraph's commercial continuous pentesting and AppSec platform for teams running security across many repositories, services, and environments. While Shannon is a local white-box pentesting CLI, the Keygraph platform is a complete AppSec system: it combines parsed-code SAST, source-to-sink analysis, black-box and white-box agentic pentesting, verified remediation, CI/CD gating, SLA tracking, and reporting for security and compliance teams.
|
||||
|
||||
This repository contains Shannon, the AGPL-3.0 open-source CLI for strictly white-box pentesting. Keygraph supports both white-box and black-box agentic pentesting and adds static analysis, finding management, remediation workflows, reporting, and enterprise deployment options.
|
||||
This repository contains Shannon, the AGPL-3.0 open-source CLI for strictly white-box pentesting. The Keygraph platform supports both white-box and black-box agentic pentesting and adds static analysis, finding management, remediation workflows, reporting, and enterprise deployment options.
|
||||
|
||||
## Who Should Consider Keygraph
|
||||
## Who Should Consider the Keygraph Platform
|
||||
|
||||
Keygraph is intended for organizations that need:
|
||||
The Keygraph platform is intended for organizations that need:
|
||||
|
||||
- Continuous AppSec coverage across many repositories and services
|
||||
- White-box pentesting when source code is available
|
||||
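Review bot: The rewritten opening paragraph changes more than the product name: "Keygraph is a full platform" becomes "the Keygraph platform is a complete AppSec system", a copy edit the commit message does not mention, so either keep the original claim with only the rename applied or call out the wording change in the message. The new first sentence also reads "The Keygraph platform is Keygraph's commercial continuous pentesting and AppSec platform", which defines the platform as a platform; something like "The Keygraph platform is Keygraph's commercial offering for continuous pentesting and AppSec" would avoid the repetition. Separately, retitling "# Keygraph" and "## Who Should Consider Keygraph" changes the heading text, so any link that targets the anchors generated from the old headings should be checked.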
@@ -21,7 +21,7 @@ Keygraph is intended for organizations that need:
|
||||
|
||||
## Full Vulnerability Lifecycle
|
||||
|
||||
Keygraph is designed to cover the full vulnerability lifecycle, not only discovery:
|
||||
The Keygraph platform is designed to cover the full vulnerability lifecycle, not only discovery:
|
||||
|
||||
1. **Find** exploitable issues with white-box pentesting, black-box pentesting, SAST, SCA, secrets, IaC, container, and business logic testing.
|
||||
2. **Normalize** results into canonical findings so duplicate scanner outputs become one tracked vulnerability per repository.
|
||||
@@ -36,7 +36,7 @@ Keygraph is designed to cover the full vulnerability lifecycle, not only discove
|
||||
|
||||
Shannon is strictly white-box: it requires access to the target application's source code and repository layout.
|
||||
|
||||
Keygraph supports two pentesting modes:
|
||||
The Keygraph platform supports two pentesting modes:
|
||||
|
||||
- **White-box agentic pentesting**: Agents use source-code context to understand architecture, identify realistic attack paths, and validate exploitability against the running application.
|
||||
- **Black-box agentic pentesting**: Agents test deployed applications and APIs without source-code access, useful for third-party surfaces, production-like external validation, or environments where source access is unavailable.
|
||||
@@ -45,7 +45,7 @@ Both modes follow the same core principle: do not report what might be vulnerabl
|
||||
|
||||
## AppSec Coverage
|
||||
|
||||
Keygraph combines agentic pentesting with broader AppSec coverage:
|
||||
The Keygraph platform combines agentic pentesting with broader AppSec coverage:
|
||||
|
||||
- **Agentic SAST**: Code Property Graph analysis with LLM reasoning for data flow, context, and sanitization decisions.
|
||||
- **SCA with reachability**: Dependency vulnerability analysis that prioritizes issues reachable from application entry points.
|
||||
@@ -62,7 +62,7 @@ The result is a finding with proof of exploitability, source context when availa
|
||||
|
||||
## Enterprise Deployment
|
||||
|
||||
Keygraph supports enterprise deployment patterns for teams with strict data, model, and network requirements:
|
||||
The Keygraph platform supports enterprise deployment patterns for teams with strict data, model, and network requirements:
|
||||
|
||||
- **Self-hosted deployments** inside the customer's cloud or infrastructure
|
||||
- **Air-gapped deployments** for isolated environments
|
||||
@@ -75,7 +75,7 @@ Deployments can be designed so source code, scan results, prompts, completions,
|
||||
|
||||
## Capability Comparison
|
||||
|
||||
| Need | Shannon | Keygraph |
|
||||
| Need | Shannon | Keygraph platform |
|
||||
| --- | --- | --- |
|
||||
| Licensing | AGPL-3.0 | Commercial |
|
||||
| White-box pentesting | Yes; source code required | Yes; source-aware testing with platform workflows |
|
||||
|
||||
+1
-1
@@ -43,7 +43,7 @@ Shannon currently targets exploitable vulnerabilities in these classes:
|
||||
|
||||
Shannon's proof-by-exploitation model means it does not report issues it cannot actively exploit, such as many vulnerable dependency, insecure configuration, or broad policy findings.
|
||||
|
||||
For broader coverage, Keygraph adds black-box and white-box agentic pentesting, graph-based static analysis, SCA reachability, secrets detection, business logic testing, remediation workflows, SLA tracking, and reporting dashboards.
|
||||
For broader coverage, the Keygraph platform adds black-box and white-box agentic pentesting, graph-based static analysis, SCA reachability, secrets detection, business logic testing, remediation workflows, SLA tracking, and reporting dashboards.
|
||||
|
||||
## Cost and Performance
|
||||
|
||||
|
||||