The open-source modern SOC

Three tools. Detect, prevent, respond. All open source, all built to work together.

Most security teams stitch together a dozen commercial products to cover the basics. The open-source modern SOC stack gets you the three capabilities that actually matter — finding real vulnerabilities, stopping them before they ship, and responding when something slips through — without the license bill.

How they fit together

foxguard runs on every save and every commit, catching hardcoded secrets, SQL injection, XSS, and other well-known patterns before code ever reaches production. It is the fast, cheap first line.

pwnkit picks up where static analysis stops. It drives an autonomous AI agent against running applications, chaining real exploits the way a human pentester would, and verifies every finding with a blind re-exploit to eliminate false positives. This is where real IDORs, auth bypasses, and business logic flaws get found.

opensoar is the response layer. When an alert fires — from your SIEM, from pwnkit, from anywhere — opensoar runs the Python playbook that triages, enriches, and resolves it. No YAML DSLs, no per-action billing, no vendor lock-in.

Why open source

  • You can read every line of code that runs against your infrastructure.
  • You can self-host, fork, and embed without license negotiations.
  • You keep your data, your deployment, and your automation logic.
  • You can contribute a rule, a playbook, or an integration and ship it the same day.

Get started

Each tool installs and runs on its own. Pick whichever one maps to your most painful gap today, and add the others as your stack matures.

One command. No credit card.

Apache 2.0 licensed. Self-host on your infrastructure. No feature gates, no per-action billing, no vendor lock-in. Your playbooks are yours.

$ curl -fsSL https://opensoar.app/install.sh | sh