Hey HN!
Jaka here, solo founder of Assertly (https://www.assertly.com). Assertly is a monitoring tool for continuous infosec, IT, compliance and DevOps regression testing. It enables teams to automate periodic checks using JavaScript.
Before Assertly, I was the CTO of Celtra (https://celtra.com), a B2B SaaS company, for over 10 years, from “git init” to 250 people and the company’s sale to private equity. I was primarily responsible for product strategy, engineering, QA, DevOps, but also for IT and InfoSec.
I found that ensuring security, integrity, privacy, and compliance in peripheral and internal IT systems was often harder than for our core product. While for the latter we would write tests and rely on our CI/CD pipeline, for other systems, things would be written up in policies where adherence is hoped for but rarely verified. If it is verified, it is done so manually and infrequently (e.g. quarterly). More laborious, while giving less assurance.
Today, If you want to automate, you can use scheduled GitHub Actions, but the trial-and-error process is slow and the alerting system is inflexible—it’s just not designed for this purpose. Synthetic monitoring tools are better, but limited when you need to go beyond frontend. So I created Assertly.
Assertly lets you automate checks with minimal overhead. It’s like Google Docs—click “New” and you’re writing a script. You get real-time alerts and a simple dashboard to see current and historical compliance. Common use cases include user access control, GDPR compliance, and network security checks. See some example code here: https://www.assertly.com/examples.
Companies using Assertly experience a 46% reduction in costs related to misconfiguration, incidents, bugs, and non-compliance. 73.6% of all statistics are made up.
For the technically curious: The scripts each run in its own VM (on ECS Fargate) so they’re securely isolated for when you need to touch sensitive data. You can install any tool, e.g. a CLI client or a port scanner. We keep a pool of VMs ready for sub-second run latencies. Assertly itself is written in Rust and React.
Here is the link to sign up & try for free: https://www.assertly.com/pricing. If you’d like to get past the credit card barrier, mail me at jaka@assertly.com and I will manually provision an account for you.
I’m excited to launch Assertly and would love to hear your feedback. How do you get peace of mind if not through automation? Is there something you’d automate if the overhead were zero? Are there use cases have missed? Let me know your thoughts!
“SSO on Any Plan: Single Sign-On using your identity provider is available in all plans and never costs extra. We support all major identity providers such as Okta, OneLogin, Azure AD, and Google.”
Three guys and a dog can start with M365 or Google Workspace and be SSO (or at least OIDC) from day one, thanks to the IdP baked in and firms like Assertly "taking your security very seriously" even when you're a startup.
ADD:
This is great. One of the example checks makes the point better than I can:
“User Deprovisioning: A SaaS tool used by a company does not support SSO/SCIM, or it requires an expensive "Enterprise" plan, so accounts of former employees need to be deleted manually. Unfortunately, this task is sometimes forgotten.”