Every feature you need to run a secure, supported application
Frameworx combines managed hosting, AI-assisted security scanning, ticketing, OS update management, and remediation workflows in one cohesive platform built for teams that care about quality.
Deploy your application on secure, managed infrastructure
Frameworx provisions and manages the infrastructure for your web application. You describe your app, choose your service mode, and Frameworx handles the rest — from runtime configuration to network policies, security defaults, and monitoring setup.
- Web apps, APIs, mobile backends, SaaS tools, e-commerce, and internal tools
- Isolated per-tenant environments with strict access controls
- Automated provisioning through the Frameworx admin dashboard
- Runtime health checks configured from day one
- App-level security policies applied at creation
- Manual approval process ensures platform fit before deployment
Reliable, monitored hosting you can trust
Your app runs on secure, monitored infrastructure with automated health checks, incident tracking, and self-healing capabilities. Frameworx manages availability so you don't have to.
Managed Infrastructure
Frameworx provisions and manages the runtime environment for your application. We handle uptime, resource allocation, and operational health — you handle product.
Continuous Health Checks
Real-time health monitoring with configurable check intervals. When a check fails, Frameworx logs the incident, attempts automated recovery, and escalates if needed.
Self-Healing Workflows
Before paging anyone, Frameworx attempts automated recovery — restarting services, clearing locks, or reverting recent changes. Reduce downtime without adding on-call burden.
Built-in support that adapts to your team's structure
Every Frameworx application can have a fully integrated support ticketing system. Routing adapts to your service mode — Managed Copilot or Self-Managed — so your users always have a clear path to resolution.
Integrated Ticket Management
Full-featured ticketing with status tracking, comments, history, and assignment. Tickets route automatically based on your service mode — no manual configuration required.
- User-submitted and admin-submitted tickets
- Status tracking: open, in progress, resolved, closed
- Comment threads with timestamps and attribution
- Full ticket history for audit purposes
Managed Copilot Routing
On Managed Copilot plans, support tickets are routed to the Frameworx platform team. We diagnose issues, apply fixes, and keep your users informed — often resolving issues before they escalate.
- Frameworx staff receive and review every ticket
- AI-powered initial analysis for faster triage
- You see everything; we handle the resolution
- Target: 4h response for critical, 24h for standard
Self-Managed Routing
On Self-Managed plans, tickets go to your designated tenant admin users. Your team owns triage, resolution, and communication. Frameworx provides the tooling and visibility.
- Tickets assigned to your tenant admin group
- Role-based visibility and assignment controls
- Internal notes separate from customer-facing responses
- Escalation paths configurable per ticket type
AI-Powered Ticket Analysis
Every ticket receives immediate AI-powered analysis suggesting likely root causes and remediation steps. Your team — or ours — never starts from zero.
- Automatic categorization and priority suggestion
- Root cause hypothesis based on app context
- Linked scan findings and recent changes surfaced
- Plain-language remediation suggestions
Managed Copilot vs Self-Managed — your choice, always
The service mode you choose determines who handles day-to-day operational tasks. Both modes run on the same secure Frameworx infrastructure with the same tooling.
Managed Copilot
We handle the operational work
- Frameworx staff review and resolve support tickets
- Our team manages security remediation end-to-end
- We monitor scan findings and plan patches
- Updates applied after internal review — you are notified
- AI analysis combined with human verification
- Ideal for founders, small teams, non-technical operators
Self-Managed
Your team owns the workflow
- Your tenant admin users triage and resolve tickets
- Your team reviews scan findings and approves patches
- Full access to the remediation dashboard and tooling
- Approval gates before any action is executed
- Frameworx handles platform infrastructure underneath
- Ideal for teams with internal IT or DevOps capabilities
Enterprise-grade security controls, on by default
Every app on Frameworx ships with a hardened security baseline. You don't have to think about these — they're enforced from day one and configurable per-app or per-tenant.
Multi-Factor Authentication
MFA is enforced for all user accounts by default. TOTP-based authentication with backup codes. Administrators can require MFA re-verification for sensitive actions.
Brute-Force Protection
Automatic account lockout after 5 failed login attempts. Progressive delays between attempts. IP-based rate limiting on all authentication endpoints.
Role-Based Access Control
Fine-grained RBAC with configurable roles per application. Principle of least privilege enforced by default. Audit logs capture every permission change.
Session Management
Configurable session timeouts with secure, server-side session storage. Ability to invalidate all active sessions globally. No persistent tokens stored in client-side storage by default.
Geo-IP & IP Allowlisting
Restrict access to specific countries or CIDR ranges. Block access from known malicious IP ranges. Configurable per-app or platform-wide.
Security Headers
CSP, HSTS, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy applied to all responses. TLS 1.3 enforced. HTTP Strict Transport Security with long max-age.
Continuous vulnerability detection and classification
Frameworx continuously scans your application's dependencies, containers, and infrastructure for known vulnerabilities. Every finding is classified by severity and linked to a remediation action.
CVE & Dependency Scanning
Real-time monitoring for newly published CVEs across your dependency tree. Matches your installed package versions against known vulnerability databases.
- Dependency vulnerability detection across all major package managers
- Container image scanning for base OS and installed packages
- CVE severity classification: low, medium, high, critical
- Historical finding tracking with remediation status
Findings Dashboard
All detected vulnerabilities are surfaced in a unified findings dashboard. Filter by severity, status, and affected component. Link findings directly to remediation workflows.
- Unified view across all apps and tenants
- Filterable by severity, component, and status
- Each finding includes CVE details and impact assessment
- Remediation status tracked through resolution
Never miss a critical security patch
Unpatched software is the most common attack vector. Frameworx continuously scans your app's infrastructure for available OS and package updates, classifies their risk, and provides a controlled workflow for applying them.
Scan
Scheduled or on-demand scans detect all available OS and package updates for your app's runtime environment.
Classify
Each update is classified by risk level — low, medium, high, or critical — based on CVE data and package change history.
Review
You (or the Frameworx team on managed plans) review proposed updates and approve or reject each batch before anything is applied.
Apply
Approved updates are applied through a controlled rollout with post-apply health check validation and rollback capability.
Auto-apply available: For teams who want truly hands-off patching, you can opt into automatic application of low-risk updates. Critical and high-severity updates always require explicit approval.
Code review that understands context, not just syntax
Powered by Claude, Frameworx's code scanning engine goes beyond pattern-matching. It understands what your code is doing — the logic, the data flows, the authentication boundaries — and flags issues that traditional static analysis misses.
- Deep semantic analysis of application code and configuration
- Detects SQL injection, XSS, CSRF, and authentication flaws
- Identifies insecure data handling and privilege escalation paths
- Surfaces logic errors that create exploitable conditions
- Fix suggestions written in plain language with full context
- Optional auto-remediation with explicit approval required
- Schedulable scans or triggered on code deployment
From detection to resolution — with full control
Every scan finding and vulnerability generates a structured remediation plan. Whether you're on a managed or self-managed plan, nothing is applied without an approval gate. You always know what's happening to your app.
Automatic Finding Triage
When a scan completes, findings are automatically classified by severity and type. Each finding is matched to known remediation patterns and an action plan is generated — ready for review.
Approval Gate Workflow
Every remediation action — whether a patch application, code fix, or configuration change — requires explicit approval before execution. You review the proposed change, its risk assessment, and expected outcome.
Auto-Remediation (Opt-In)
For teams that prefer a hands-off approach to low-risk patches, Frameworx supports automatic remediation with explicit opt-in per risk level. Critical issues always require manual approval.
Full Remediation Audit Trail
Every remediation action is logged with the actor, timestamp, approved change, and execution result. The audit trail is immutable and available for review at any time.
Know the health of your app at all times
Frameworx monitors the health of your application continuously. When something goes wrong, self-healing workflows attempt automated recovery before human escalation. You're always informed, rarely interrupted.
Real-Time Health Checks
Configurable HTTP, TCP, and process health checks run on your defined schedule. Check failures are logged immediately and trigger the recovery workflow.
Self-Healing Recovery
Before notifying anyone, Frameworx attempts automated recovery: service restarts, cache clears, connection pool resets. Structured recovery reduces mean time to resolution.
Incident History & Timeline
Every incident is recorded with a full timeline: when it started, what was attempted, when it resolved. Use incident history to identify patterns and recurring issues.
Full administrative visibility and control
Frameworx provides comprehensive admin dashboards for managing every aspect of your platform presence — users, roles, billing, security policies, and operational settings.
Admin Dashboard
Centralized view of all apps, users, tickets, scan findings, and health status. Everything your operations team needs in one place.
User & Role Management
Create and manage users with fine-grained role assignments. Tenant-level roles separate from platform admin roles. Full invitation and offboarding workflows.
Audit Log
Every admin and user action logged with actor, IP address, user agent, and outcome. Filter and export audit logs for compliance and investigation.
Billing via PayPal
Subscription billing through PayPal. Monthly and daily billing intervals available. View invoice history, update payment details, and manage subscription from the admin panel.
Security Policy Settings
Adjust MFA requirements, session timeout durations, rate limiting thresholds, IP allowlists, and geo-restrictions per app or across your entire tenant.
Findings & Remediation Hub
Unified view of all open security findings, pending updates, and active remediation plans. Approve, reject, or escalate from a single interface.
Your brand, your domain — we handle the SSL
Frameworx supports custom domains with full SSL provisioning via ACME through Nginx Proxy Manager. Point your domain to Frameworx, and we handle certificate issuance, DNS validation, renewal, and proxy routing automatically.
- Custom domain configuration per application
- Automated SSL certificate issuance via ACME (Let's Encrypt)
- Automatic certificate renewal before expiry
- Nginx Proxy Manager integration for routing and headers
- HTTPS enforced — HTTP redirected automatically
- Multiple domains or subdomains per application supported
Industry-standard static analysis, built in
Semgrep is one of the most trusted static analysis tools in security engineering. Frameworx runs Semgrep directly on your project code — which lives isolated on our server per tenant and project — with a wide choice of rulesets.
- Code lives isolated per tenant and project on Frameworx infrastructure
- On-demand or scheduled automatic scans
- Selectable rulesets: OWASP Top 10, secrets, security-audit, language-specific packs
- Findings mapped to severity (critical, high, medium, low)
- Each finding links to the exact file and line number
- Results feed directly into the findings and remediation workflow
- Works alongside Claude Code scans for comprehensive coverage
Use your own API keys — per tenant, per project
Bring your own Claude API key (or any other service key) and associate it per project. Keys are stored encrypted, masked in the UI, and validated with a one-click test before use. You're never locked into Frameworx's API quota.
Per-Tenant Storage
Store multiple API keys per tenant. Label them by name and service type so your team knows which key is for what.
Encrypted at Rest
All API keys are encrypted before storage. The full key value is never exposed after saving — only a masked preview (sk-ant-****xxxx) is shown.
One-Click Validation
Test any stored key against the live API with a single click. Instant feedback tells you if the key is valid and active before you use it in a scan.
Per-Project Association
Assign a specific API key to a specific project. Claude Code scans and AI-powered analysis use that project's key automatically.
Audit Trail
All key creation, deletion, and validation events are recorded in the audit log with actor and timestamp for compliance and security review.
Easy Rotation
Rotate API keys without disrupting running scans. Update a key's value and re-validate — all associated projects use the new key immediately.
Grow without migrating — add to your plan as you scale
When your project outgrows its current plan, you don't need to migrate platforms or re-provision your stack. Request a plan upgrade directly from the billing portal — our team reviews and processes it within 24 hours with no downtime.
- Request an upgrade from the billing dashboard in one click
- Upgrade reviewed and processed by the Frameworx team within 24 hours
- No data migration, no downtime, no re-configuration
- Add more projects, domains, users, or scanning capacity
- Upgrade creates a support ticket for full audit trail
- Switch between Managed Copilot and Self-Managed at any time