Scan Anything. From Anywhere.
Secure Everything.
Deploy the Samma operator in your Kubernetes cluster — it auto-discovers your services and orchestrates six security scanners. Run it locally, forward external targets to Samma.io, or both. From discovery to alert, fully automated.
Why Samma.io?
A complete security scanning platform: automated discovery, multi-scanner orchestration, external target forwarding, and real-time event processing.
Auto-Discovery
The operator continuously watches your Kubernetes cluster and registers new services as scan targets — no manual configuration needed.
Scheduled Scans
Cron-based scheduling with Nmap, Nikto, Tsunami, DNSRecon, and more. Scans trigger automatically on target discovery and follow your schedule.
SIEM Rule Engine
YAML-based rules with compliance mappings for PCI-DSS, GDPR, HIPAA, NIST, and MITRE ATT&CK frameworks.
NATS Integration
Real-time event processing via NATS message bus. Scanner results and security events flow through a unified pipeline.
External Scanning
Run the operator in your local cluster and forward external targets to Samma.io for cloud-hosted scanning — bridging internal and internet-facing assets.
Your Dashboards
Samma feeds data to Grafana, Kibana, or any tool you already use. We provide the pipeline — you choose the visualization.
Six Scanners. One Platform.
All scanners run as containerized jobs, fully orchestrated by the Samma operator. Each produces structured JSON output that flows through the SIEM pipeline.
Nmap
Port scanning and service/version detection across your entire attack surface.
Nikto
Web server vulnerability scanning — identifies misconfigs, outdated software, and dangerous files.
Tsunami
Google's open-source network security scanner with a plugin system for high-severity findings.
DNSRecon
DNS enumeration, zone-transfer attempts, and subdomain discovery.
HTTP Headers
Checks for missing or misconfigured security headers: HSTS, CSP, X-Frame-Options, and more.
TLS Inspector
Validates certificates, cipher suites, protocol versions, and expiry dates.
Run locally. Scan globally.
Deploy the Samma operator in any Kubernetes cluster — a local Kind or Minikube setup, your staging environment, or production EKS/GKE. The operator watches for services and automatically registers them as scan targets.
Want to scan external internet-facing assets? The operator can forward targets to Samma.io for cloud-hosted scanning. Your cluster stays private — only target hostnames or IPs are forwarded.
apiVersion: samma.io/v1
kind: ScanTarget
metadata:
  name: external-web
  namespace: samma-system
spec:
  # Send to Samma.io for
  # cloud-hosted scanning
  host: www.example.com
  profile: full
  externalScan: true
The operator picks this up, registers the target in Samma.io, and all six scanners run on schedule.
Up and running in minutes
Four steps from a fresh cluster to automated security scanning.
Install the operator
kubectl apply -f https://github.com/samma-io/operator/releases/latest/download/operator.yaml
Create an API token
# Go to Samma.io → Dashboard → Tokens → New Token
Configure the operator secret
kubectl create secret generic samma-api \
  --namespace samma-system \
  --from-literal=api-token=<your-token> \
  --from-literal=api-url=https://app.samma.io
Apply a scan target
apiVersion: samma.io/v1
kind: ScanTarget
metadata:
  name: my-web-app
spec:
  host: my-service.example.com
  profile: full
View your results
Scan findings appear in your Samma.io dashboard in real time, and are forwarded to your SIEM pipeline.
How It Works
Three steps from deployment to actionable security insights.
Deploy
Install the Samma operator in your Kubernetes cluster with a single kubectl command. Works on local Kind/Minikube or production EKS/GKE.
Discover & Scan
The operator auto-discovers services and forwards targets to Samma.io. All six scanners run on schedule, producing structured JSON output.
Analyze & Alert
The SIEM rule engine processes findings through NATS and sends alerts to your dashboards, SIEM, or any webhook destination.
Use your own dashboards
Samma doesn't try to replace your existing tools. All scan results and security events are published as structured data to Elasticsearch via NATS and Vector.dev.
Use Grafana, Kibana, or any visualization tool your team already knows. We provide pre-built dashboard templates to get you started, but the data is yours to query however you like.