| layout |
default |
| title |
OpenCTEM CTEM Platform |
| nav_exclude |
true |
| search_exclude |
true |
Continuous Threat Exposure Management Platform
Unified Attack Surface Management & Vulnerability Management

Website | Platform | API Docs | Getting Started
OpenCTEM is an enterprise-grade Continuous Threat Exposure Management (CTEM) platform that helps security teams continuously monitor, assess, and remediate security risks across their digital infrastructure.
┌─────────────┐ ┌─────────────┐ ┌──────────────────┐ ┌─────────────┐ ┌──────────────┐
│ SCOPING │───▶│ DISCOVERY │───▶│ PRIORITIZATION │───▶│ VALIDATION │───▶│ MOBILIZATION │
│ │ │ │ │ │ │ │ │ │
│ Define your │ │ Find assets │ │ Rank by risk & │ │ Verify with │ │ Remediate & │
│ attack │ │ & exposures │ │ business impact │ │ scanning │ │ track tasks │
│ surface │ │ │ │ │ │ │ │ │
└─────────────┘ └─────────────┘ └──────────────────┘ └─────────────┘ └──────────────┘
| Category |
Features |
| Asset Management |
6 asset types (Domains, Websites, Services, Repositories, Cloud, Credentials) |
| Vulnerability Management |
Findings, CVE tracking, CVSS scoring, SLA policies |
| Scan Management |
Agents, Scan Profiles, Pipelines, Tool Categories |
| Multi-tenancy |
Teams, Role-based access (Owner/Admin/Member/Viewer) |
| Integrations |
SDK for custom tools, Agent for CI/CD, SCM connections |
| Security |
JWT/OIDC auth, CSRF protection, audit logging |
┌─────────────────────────────────────────────────────────────────────────────┐
│ OpenCTEM Platform │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ Web UI │ │ REST API │ │ Database │ │ Cache │ │
│ │ (Next.js) │───▶│ (Go) │───▶│ (PostgreSQL)│ │ (Redis) │ │
│ │ Port 3000 │ │ Port 8080 │ │ │ │ │ │
│ └─────────────┘ └──────┬──────┘ └─────────────┘ └─────────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────────────────────────────────────────────────────────┐ │
│ │ Agent / SDK Integration │ │
│ │ ┌───────────┐ ┌───────────┐ ┌───────────┐ ┌───────────────────┐ │ │
│ │ │ Semgrep │ │ Trivy │ │ Gitleaks │ │ Custom Tools │ │ │
│ │ │ (SAST) │ │ (SCA) │ │ (Secrets) │ │ (SDK-built) │ │ │
│ │ └───────────┘ └───────────┘ └───────────┘ └───────────────────┘ │ │
│ └─────────────────────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
# Clone repository
git clone https://github.com/openctemio.openctem.git
cd.openctem
# Configure
cd api && cp .env.example .env && cd ..
cd ui && cp .env.example .env.local && cd ..
# Start with Docker
docker compose up -d
| Component |
Technologies |
| Backend |
Go 1.25, Chi Router, PostgreSQL 17, Redis 7 |
| Frontend |
Next.js 16, React 19, TypeScript, Tailwind 4 |
| Auth |
JWT (local) / Keycloak (OIDC) |
| SDK |
Go SDK with Scanner/Parser/Collector interfaces |
| Repository |
Description |
| api |
Backend REST API (Go) |
| ui |
Frontend Application (Next.js) |
| sdk |
Go SDK for building tools |
| agent |
Security scanning agent |
| setup |
Deployment & Docker Compose |
| schemas |
CTIS JSON Schemas |
| keycloak |
Keycloak Configuration |
| docs |
Documentation (this repo) |
We welcome contributions! Please see:
If you find OpenCTEM useful, consider supporting the project:
BSC Network (BEP-20):
0x97f0891b4a682904a78e6Bc854a58819Ea972454
MIT License - see LICENSE