Skip to main content

32 Enrichment Data Sources

Our 5-phase pipeline gathers security intelligence from authoritative sources to build comprehensive, evidence-based assessments.

Data Pipeline Overview

Data Pipeline Flow

Domain Input

saas-app.com

32 Sources

5-phase enrichment

AI Analysis

Claude extraction

Security Score

9 dimensions

Assessment

Detailed report

5-Phase Enrichment Pipeline

Each assessment progresses through 5 phases, gathering data from multiple sources before AI analysis produces the final score.

DNS records
WHOIS lookup
SSL certificates
Security headers

All 32 Data Sources

Review Platforms

G2

User reviews, feature comparisons, security feedback

Capterra

Software reviews and ratings

Compliance Databases

CSA STAR

Cloud Security Alliance STAR Registry certifications

SOC 2 Registry

SOC 2 Type I/II attestation reports

ISO 27001 Database

ISO 27001 certified organizations

FedRAMP Marketplace

Federal authorization status for government use

Breach Databases

Have I Been Pwned

Historical breach data and compromised accounts

BreachDirectory

Data breach aggregation and analysis

Privacy Rights Clearinghouse

Chronology of data breaches

Public Documentation

Vendor Trust Centers

Official security pages and whitepapers

Security.txt

Vulnerability disclosure policies

Bug Bounty Platforms

HackerOne

Bug bounty program data

Bugcrowd

Crowdsourced security testing programs

Intigriti

European bug bounty platform

Technical Scanners

SSL Labs

TLS/SSL configuration analysis

Security Headers

HTTP security header analysis

Observatory by Mozilla

Website security scanner

Threat Intelligence

VirusTotal

Malware and threat detection

URLhaus

Malicious URL tracking

AlienVault OTX

Open threat exchange platform

Infrastructure Intelligence

Shodan

Internet-connected device search engine

Censys

Internet asset discovery and monitoring

DNSdumpster

DNS reconnaissance and research

Domain Intelligence

WHOIS

Domain registration and ownership data

Certificate Transparency Logs

SSL/TLS certificate issuance monitoring

AI Integration

Anthropic MCP Registry

Official Model Context Protocol servers

GitHub MCP Community

Community-built MCP servers

API Documentation

OpenAPI Directories

Public API specifications and docs

Vendor API Docs

Official API reference documentation

Vulnerability Databases

CVE Database

Common Vulnerabilities and Exposures

NVD

National Vulnerability Database

Snyk Vulnerability DB

Open source vulnerability database

Total Enrichment Sources
32
Source Categories
12

Quality Assurance: The Boss Test

Every claim must be defensible if questioned by the most skeptical executive.

Zero Fabrication

When data is unavailable, we show "Insufficient Evidence"

Source Everything

Every claim cites its enrichment source

Confidence Transparency

0.0-1.0 scores show assessment certainty

Evidence-Based

Verifiable facts, not opinions or marketing

Limitations

What We Don't Assess:

  • Internal Security Controls — Requires vendor access or on-site audits
  • Source Code Security — Proprietary codebases are not accessible
  • Physical Security — Handled by cloud providers (AWS, Azure, GCP)
  • Employee Background Checks — Confidential HR data

For deeper validation, request vendor security questionnaires (VSQs) directly.