GCP-NATIVE  ·  NIS2 & SOC2 READY  ·  PRIVATE BETA

Automated AppSec & Compliance for Google Cloud

runred.ai connects your application source code with live GCP infrastructure context — discovering critical exposures, verifying every patch automatically, and generating audit-ready compliance logs. Zero manual effort.

GCP Native · OWASP Top 10 · NIS2 Article 21 · SOC2 Type II · CVSS 3.1 Scoring

The Reality

A vulnerability scored MEDIUM in static analysis becomes CRITICAL when your endpoint is public.

Traditional scanners operate in isolation. They read code. They don't know that your Cloud Run service is exposed to allUsers, that there is no VPC connector, or that a compromised parameter hits a Cloud SQL instance with no authorised networks restriction. runred does.

Live Simulation

From discovery to verified patch in one automated pipeline.

Capabilities

Three functions. One automated pipeline.

Context-Aware Scanning

Static analysis fused with live GCP infrastructure data — IAM bindings, network topology, Cloud Run ingress rules — to accurately score real-world risk, not theoretical risk.

  • Eliminates MEDIUM/CRITICAL misclassification
  • CVSS 3.1 scores adjusted for your live posture
  • Cloud Run, GKE, Cloud Functions coverage

Safe-Patch Verification

Every proposed fix is validated by an automatically generated integration test that first confirms the exploit, then confirms the patch closes it. No patch ships unverified.

  • Exploit-first test methodology
  • Regression coverage automatically included
  • Integrates with existing CI pipelines

Audit-Ready Compliance Logs

Every scan, finding, exploit test, and patch is written to an immutable audit trail in Cloud Logging — pre-formatted for NIS2, SOC2 Type II, and ISO 27001 evidence requirements.

  • NIS2 Article 21 evidence coverage
  • SOC2 CC6.8 / CC7.1 control mapping
  • One-click auditor export

Integration

Runs inside your existing developer workflow

runred.ai operates as an extension of your developer agent environment. No separate security toolchain. No context switching. It runs where code is written, using the GCP credentials already in scope.

01 Connect

Authorise runred against your GCP project. Read-only IAM access. No infrastructure changes required.

02 Scan

Trigger on commit, PR, or ad-hoc. runred scans your codebase and correlates findings against live GCP topology.

03 Remediate

Review the verified patch proposal. Confirm. The audit log is written automatically to Cloud Logging.

Compliance Coverage

Built for regulated industries

Compliance is an outcome, not a checklist. Every runred pipeline run generates traceable, timestamped evidence mapped to the specific control requirements auditors expect.

  • NIS2: Article 21 · Network & Application Security Measures
  • SOC2: CC6 / CC7 · Logical Access & Change Management
  • ISO 27001: A.12.6 · Technical Vulnerability Management
  • OWASP: Top 10 · Full CWE Mapping Included

PRIVATE ENTERPRISE BETA — LIMITED ACCESS

Apply for early access

Open to all engineering teams running production workloads on GCP. Particularly useful if your organisation is subject to NIS2, SOC2, or ISO 27001 audit requirements.

No credit card required. Enterprise NDA available on request.