trust.legionsecure.ai
Trust Center

How Legion Secure handles your code.

Execution model

Your code runs in an ephemeral, isolated scanner container on bare-metal infrastructure that Legion controls exclusively. The container is destroyed after each scan. No customer code persists on Legion servers. Each scan runs in its own Linux network namespace with a strict outbound-only egress allowlist.

Signed reports

Every finding is signed with an Ed25519 key before it leaves the scanner container. The public key is published at the address below and never changes between scans. You can verify any Legion report offline using openssl pkeyutl — no trust in Legion required.

https://verify.legionsecure.ai/.well-known/phase1-attestation-pubkey.pem

Sub-processors

DigitalOcean
Compute and managed databases (US-East)
Cloudflare
Edge network, DDoS protection, Tunnel
Clerk
Admin authentication (separate tenant, standalone invariant)
Resend
Domain-validation transactional email
Sentry
Error tracking (no PII in error payloads)
Doppler
Secrets management
Tailscale
Admin SSH access to infrastructure

Standalone invariant

Legion Secure shares no runtime infrastructure with any other Legion product. It has its own database, its own authentication tenant, its own execution plane, and its own secrets store. Cross-product coupling would be a security weakness Legion Secure cannot accept.