Choose a Model Login →
Deployment Architecture

Choose the SecureOne deployment model that fits your infrastructure and security goals.

Whether you need a fully managed SaaS platform, a simple self-hosted setup, or a distributed architecture across separate SecureOne and agent nodes, SecureOne gives you the flexibility to deploy based on team size, operational maturity, and compliance needs.

At-a-Glance Deployment Diagram

Start here: this visual shows how control plane and scan execution can be separated when needed.

SecureOne distributed deployment diagram showing secureone.com and secureone_agent.com architecture
secureone.com
SecureOne UI/APIControl Plane
PostgreSQLFindings + Metadata
secureone_agent.com
Scan AgentJob Worker
JenkinsCI/CD Triggers
Tool ImagesSemgrep / Snyk / Gitleaks
SaaS All-in-One Distributed

Deployment Models

Compare the three most common ways teams deploy SecureOne.

Fastest Start

SaaS Deployment

Ideal for teams that want fast time-to-value and minimal infrastructure management.

UsersDevelopers / Security
SecureOne CloudHosted Platform
GitHub + CIIntegrations
  • No local infrastructure required
  • Managed updates and operations
  • Best for quick onboarding and smaller ops teams
Simple Self-Hosted

All-in-One Deployment

Best for evaluation environments, internal labs, and teams that want everything on a single host.

SecureOneUI / API
PostgreSQLDatabase
Jenkins + AgentCI / Orchestration
Tool ImagesSAST / SCA / Secrets
  • Easiest self-managed setup
  • Good for local or single-server installs
  • Lower infrastructure complexity
Recommended for Scale

Distributed Deployment

Best for enterprises that want SecureOne and scanning infrastructure on separate machines or domains.

secureone.com
SecureOneApp / API
PostgreSQLPrimary Data Store
secureone_agent.com
Scan AgentJob Execution
JenkinsPipeline Control
Tool ImagesSemgrep / Snyk / Gitleaks
  • Separates control plane from scan execution plane
  • Better scaling and isolation for CI workloads
  • Supports dedicated infrastructure per environment

How to Choose

Choose SaaS if...

  • You want immediate access with no infrastructure setup
  • You prefer managed operations and updates
  • Your team wants the fastest onboarding path

Choose All-in-One if...

  • You want a simple local or on-prem deployment
  • You are evaluating SecureOne internally
  • You do not yet need separate agent infrastructure

Choose Distributed if...

  • You run separate control-plane and CI/CD workloads
  • You need stronger workload isolation and scaling
  • You want `secureone.com` and `secureone_agent.com` on separate machines

Operational Guidance

Requirement Recommended Model Why
Fastest rollout SaaS No infrastructure management and fastest onboarding
Single server deployment All-in-One Keeps application, database, agent, and CI together
Separate app and agent nodes Distributed Supports separate domains, scaling, and operational isolation
Enterprise CI/CD segmentation Distributed Lets scan workloads live independently from SecureOne app services

Ready to Deploy?

Start with the model that matches your current requirements, then evolve into distributed deployment as your scale, compliance, or CI/CD isolation needs grow.

View Deployment Docs Download SecureOne Talk to BountyBreach