Sovereignty & self-hosting

Vex Raptor is built to run inside your own perimeter. Your targets, your findings, and your reports stay on infrastructure you control.

Why this matters

Many autonomous pentest products are cloud-only: you point them at your systems and your attack surface — and the resulting vulnerability data — leaves your environment. For regulated buyers (finance, healthcare, public sector, export-controlled IP) that is often a non-starter. Vex Raptor is designed for those environments.

Deployment model

The whole platform runs as a set of containers you host:

  • API — the application and web console
  • Worker — runs scans in a background process
  • PostgreSQL — persistent storage
  • Redis — queue, rate-limit/quota counters, shared scan state

See Docker Compose deployment.

Bring-your-own LLM

The AI depth uses a pluggable LLM provider so you are not tied to one vendor or forced to send data to a public API. Select the backend with VEX_LLM_PROVIDER:

Provider   Notes
gemini     Google Generative Language API
vertex     Google Vertex AI (enterprise, no data training)
bedrock    Amazon Bedrock
mistral    Mistral AI (EU endpoints)
ollama     Local models — zero egress, for on-prem / air-gapped

For a fully air-gapped run, use a local ollama model so no scan data leaves the host.

Data handling

  • Scans run against targets you configure and authorize.
  • Findings and reports are stored in your database.
  • Third-party enrichment (Shodan, VirusTotal, HIBP, OTX, NVD) only activates when you configure the corresponding API key, and degrades gracefully when not set.
  • Outbound requests are constrained by SSRF validation.

Air-gap

In an air-gapped deployment, use a local LLM (ollama), leave third-party enrichment keys unset, and serve the built docs (docs-site/site/) from your internal reverse proxy. External threat feeds and remote tracing should be disabled.
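A pre-flight check that enforces the two air-gap rules above (local ollama backend, no enrichment keys set) before the containers start. This is an added example, not part of Vex Raptor; it assumes settings live in a dotenv-style file read by Docker Compose, that VEX_LLM_PROVIDER selects the backend as documented, and that enrichment keys are environment variables whose names contain the service name (SHODAN, VIRUSTOTAL, HIBP, OTX, NVD), which is an assumed naming convention.

```shell
#!/bin/sh
# Air-gap pre-flight check (added example, not project code).
# Usage: check_airgap_env path/to/.env ; returns 0 when clean, 1 otherwise.
check_airgap_env() {
    file="$1"
    rc=0

    # Rule 1: the LLM backend must be the local ollama provider (zero egress).
    # Last assignment wins, like dotenv; surrounding double quotes are stripped.
    provider=$(grep -E '^VEX_LLM_PROVIDER=' "$file" | tail -n 1 \
               | cut -d= -f2- | tr -d '"')
    if [ "$provider" != "ollama" ]; then
        echo "VEX_LLM_PROVIDER is '${provider:-unset}', expected 'ollama'"
        rc=1
    fi

    # Rule 2: no third-party enrichment key may carry a non-empty value,
    # since each configured key enables outbound calls to that service.
    # Variable naming (service name inside the key name) is an assumption.
    keys=$(grep -E '^[A-Z0-9_]*(SHODAN|VIRUSTOTAL|HIBP|OTX|NVD)[A-Z0-9_]*=.+' \
               "$file" | cut -d= -f1)
    for k in $keys; do
        echo "enrichment key $k is set; unset it for an air-gapped run"
        rc=1
    done

    return "$rc"
}

# Constructed sample configs so the check can run offline.
AIRGAP_ENV=$(mktemp)
cat > "$AIRGAP_ENV" <<'EOF'
VEX_LLM_PROVIDER="ollama"
SHODAN_API_KEY=
EOF

LEAKY_ENV=$(mktemp)
cat > "$LEAKY_ENV" <<'EOF'
VEX_LLM_PROVIDER=gemini
VIRUSTOTAL_API_KEY=constructed-placeholder-not-a-real-key
EOF

check_airgap_env "$AIRGAP_ENV" && echo "air-gap config: OK"
check_airgap_env "$LEAKY_ENV" || echo "leaky config: rejected"
```

Run it as a step before `docker compose up`; a non-zero exit blocks the start.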