
EU-sovereign, with a signed and verified supply chain

Nodge is built for organizations that have to answer hard questions about where their software runs and how it got there. Security and sovereignty are part of the architecture, not an add-on.

EU-sovereign by design

The platform is self-hosted and EU-based, with no foreign dependencies in your runtime. Your cluster pulls everything from inside your own environment. Your code and your data stay yours.

A signed supply chain

Every image is scanned for secrets and known vulnerabilities, signed, and shipped with a software bill of materials and build provenance. You can prove what is running and where it came from.

Signatures are verified

Image signatures are checked before workloads run, so unsigned or tampered images are caught.

Continuous vulnerability rescanning

Running images are re-scanned on a schedule, so vulnerabilities disclosed after a build still surface against what you have deployed.

License compliance

Builds flag disallowed licenses in your dependencies before they reach production.

Isolation by default

Projects are network-isolated from each other by default, and build runners are separated per tenant, so one workload cannot reach another.

Hardened throughout

Encryption at rest, hashed credentials, brute-force defense, and strong security headers are standard across the platform.

Prove where your software runs, and where it came from.

Questions about sovereignty and security

What does EU-sovereign mean here?

The platform is self-hosted and EU-based, with no foreign dependencies in your runtime. Your cluster pulls everything from inside your own environment, and your code and data stay yours.

How do I know an image has not been tampered with?

Every image is signed, and signatures are verified before workloads run, so unsigned or altered images are caught.

What is shipped with each build?

A software bill of materials and build provenance, alongside secret and vulnerability scans, so you can prove what is running and where it came from.

What about vulnerabilities discovered after a build?

Running images are re-scanned on a schedule, so newly disclosed vulnerabilities still surface against what you have deployed.

Are dependency licenses checked?

Yes. Builds flag disallowed licenses in your dependencies before they reach production.

How are projects isolated from each other?

Projects are network-isolated by default, and build runners are separated per tenant, so one workload cannot reach another.
