Your code runs in an ephemeral, isolated scanner container on bare-metal infrastructure that Legion controls exclusively. The container is destroyed after each scan. No customer code persists on Legion servers. Each scan runs in its own Linux network namespace with a strict outbound-only egress allowlist.
Every finding is signed with an Ed25519 key before it leaves the scanner container. The public key is published at the address below and never changes between scans. You can verify any Legion report offline using openssl pkeyutl — no trust in Legion required.
Legion Secure shares no runtime infrastructure with any other Legion product. It has its own database, its own authentication tenant, its own execution plane, and its own secrets store. Cross-product coupling would be a security weakness Legion Secure cannot accept.