What the platform manages
Sciple is one product, not nine. This page walks through what each surface area handles and how it relates to the others. Everything below is shipped today.
One platform between your team and your infrastructure.
Service catalog
The catalog is the registry every other module hangs off. Each service record carries its name, kind (service, worker, job, library, frontend, or other), language, runtime, tier, owner group, source-control repository, default branch, the environments it ships to, tags, and links to docs, runbook, dashboard, and on-call.
Cloud (AWS)
Connect an AWS account once and Sciple discovers and surfaces your resources across every major service family:
- EC2. Instances, AMIs, autoscaling groups, load balancers, target groups, launch templates, transit gateways, security groups, elastic IPs, snapshots, and more.
- VPC. VPCs, subnets, route tables, internet and NAT gateways, peerings, endpoints, network ACLs, flow logs, VPN and customer gateways.
- CloudFront. Distributions, functions, cache policies, origin access controls.
- Route 53. Hosted zones, records, health checks.
- EKS. Clusters, node groups, addons, Fargate profiles.
- Lambda. Functions, layers, event source mappings.
- ECS. Clusters, services, task definitions, tasks.
- S3, EFS, EBS. Buckets, file systems, volumes, snapshots.
- RDS, ElastiCache. Instances, clusters, replication groups, snapshots.
- IAM. Users, groups, roles, policies, instance profiles.
- Code suite. CodePipeline, CodeBuild, CodeDeploy, CodeCommit, and ECR.
All resources are surfaced with strict workspace isolation. Each user’s preferred columns and ordering are remembered automatically. Sciple also lets you manage AWS Secrets Manager secrets directly from the dashboard, so engineers do not have to drop into the AWS console.
Kubernetes
Browse EKS clusters discovered through the cloud module. The platform covers every Kubernetes resource kind your team works with. Pods update live as their state changes. Namespaces stay current without manual refresh. Every other kind has a searchable table that remembers each user’s preferred columns and ordering.
CI / CD
Pipelines are defined as templated configurations and provisioned to AWS CodeBuild in your account. Each pipeline is owned by a service-and-environment pair. Templated tasks make staging-to-production promotion a configuration change instead of a copy-paste.
Configuration
A layered configuration system. Set defaults globally, narrow them to an environment, narrow again to a specific service, narrow once more to a specific service in a specific environment. The most specific override always wins. Non-secret values are backed by AWS Parameter Store and secret values are backed by AWS Secrets Manager, so they never leave your AWS account.
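The precedence rule above, sketched as an added example (not Sciple's own code): a resolver that picks the most specific override per key and reports which layer won and which AWS backend holds the value. The `Override` type, the `resolve` function, the sample keys, and the choice to rank a service-wide override above an environment-wide one (taken from the order the layers are listed in) are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

SCOPE_NAMES = ["global", "environment", "service", "service+environment"]

@dataclass(frozen=True)
class Override:
    key: str
    value: str                      # for secrets: a reference, never the secret
    service: Optional[str] = None   # None means "any service"
    environment: Optional[str] = None
    secret: bool = False

    def rank(self) -> int:
        # 0 global, 1 environment, 2 service, 3 service+environment.
        # Assumption: service-wide outranks environment-wide.
        return (2 if self.service else 0) + (1 if self.environment else 0)

def resolve(overrides, service, environment):
    """Return {key: (value, winning_scope, backend)} for one service/env pair."""
    winners = {}
    for o in overrides:
        # Ignore overrides scoped to a different service or environment.
        if o.service not in (None, service):
            continue
        if o.environment not in (None, environment):
            continue
        current = winners.get(o.key)
        if current is None or o.rank() > current.rank():
            winners[o.key] = o
    return {
        k: (o.value, SCOPE_NAMES[o.rank()],
            "secrets-manager" if o.secret else "parameter-store")
        for k, o in winners.items()
    }

# Constructed sample data: hypothetical keys, services and secret references.
SAMPLE = [
    Override("LOG_LEVEL", "info"),
    Override("LOG_LEVEL", "debug", environment="staging"),
    Override("LOG_LEVEL", "warn", service="billing"),
    Override("LOG_LEVEL", "error", service="billing", environment="prod"),
    Override("TIMEOUT_MS", "3000"),
    Override("TIMEOUT_MS", "5000", environment="prod"),
    Override("DB_PASSWORD", "ref:billing/prod/db", service="billing",
             environment="prod", secret=True),
]

if __name__ == "__main__":
    for key, result in sorted(resolve(SAMPLE, "billing", "prod").items()):
        print(key, result)
```

Reporting the winning scope alongside the value makes it possible to audit why a service sees a given setting, and secret keys resolve to a reference only.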
Credentials store
Sciple supports every credential kind a modern engineering team uses, including passwords, API tokens, OAuth2 clients, SSH private keys, TLS certificates, GPG keys, webhook signing secrets, AWS access keys and IAM roles, Azure service principals, GCP service accounts, GitHub Apps, GitLab and Bitbucket personal access tokens, Kubernetes kubeconfig, service account tokens, container registry credentials, database connection strings, Slack and Teams bot tokens, LDAP bind credentials, and license keys. The values stay in AWS Secrets Manager. Sciple holds the reference, the expiry, the rotation schedule, the ownership, and the audit trail. Other modules reference a credential by identifier, never by value.
Security scanning and ASPM
Sciple covers four scanning pillars: Code (SAST), DAST, Infra and Server, and Cloud. Code scanning includes static analysis (SAST), secret scanning across source code and commit history, and dependency scanning (SCA) across npm, PyPI, Maven, Go modules, RubyGems, NuGet, and Cargo. DAST probes running applications for runtime vulnerabilities like SQL injection, cross-site scripting, broken authentication, and SSRF. Infra and server scanning covers container images (across ECR, Docker Hub, GHCR, Quay, and other OCI registries), running EC2 instances and Lambda functions via AWS Inspector, Infrastructure-as-Code (Terraform and CloudFormation), and Kubernetes manifests and Helm charts. Cloud scanning aggregates posture findings from AWS Security Hub, GuardDuty, IAM Access Analyzer, and other AWS-native security services. All four pillars feed the same ASPM workflow.
Findings flow into a single Application Security Posture Management workflow. The service catalog supplies the owner, so a finding never sits unassigned. Each finding carries a severity, a status, a first-seen timestamp, and a remediation history. Suppressions have a reason and an expiry. The audit trail records every triage and remediation step.
SCM integrations
GitHub, GitLab, Bitbucket, and Azure DevOps. Each provider is backed by a credential from the store. Branch protection rules are fetched and surfaced alongside services. Repository lists are fetched live and feed the service creation form.
Access and audit
See Access and audit for single sign-on, permission groups, the credentials store, and the audit trail in more depth.