Pick the path that matches how you ship.
CVERiskPilot is the same platform under the hood — the same scanner ingestion, the same hybrid AI triage, the same 13-framework mapping. What changes is how it shows up in your workflow.
By role
Same platform, optimized output for the team running it.
Startups & Indie Builders
Compliance in the shell
One CLI command, real free tier, $149/mo Pro upgrade. Skip the $10K/year GRC platform until you actually need it.
Learn moreGRC & Compliance Teams
Replace the quarterly mapping sprint
Every CVE auto-mapped to 13 frameworks. POAMs draft themselves. Vault Protocol-signed evidence trail.
Learn moreDevSecOps Teams
CI/CD that speaks compliance
Drop-in GitHub Action, SARIF output, exit-code gating, control IDs in every PR check.
Learn moreFederal & Defense Contractors
Built by veterans for assessor-ready output
CMMC L2 self-assessment, FedRAMP-style POAM, NIST 800-53 mapping, --preset federal and --preset defense.
Learn moreBy framework
Need a specific compliance regime? Start here for framework-tuned guidance.
Healthcare
HIPAA
Map vulnerabilities to 45 CFR §164.312 safeguards. Track Security Rule compliance per asset class.
Learn moreDefense
CMMC 2.0
Level 1 and Level 2 self-assessment workflows. POAM generation against the 110 practices.
Learn moreSaaS
SOC 2
Map findings to Trust Services Criteria. CC6.x logical access, CC7.x system operations, signed audit trail.
Learn moreDon't see your shape?
All 13 frameworks ship in every paid tier — these pages just put a face on the most common starting points. If you have a hybrid setup or a non-listed framework requirement, the platform still covers it.