If your pentests involve government contracts, financial data, or
healthcare systems
- your tools need to meet the same compliance standards as your clients.
Walk into your security review with an answer for every question on their checklist.
Enterprise |
Remediate |
Assess |
|
|---|---|---|---|
| Authentication and Identity | |||
| MFA with Azure | |||
| LDAP / Active Directory / Entra ID | |||
| Okta | |||
| SAML | |||
| Audit Logging | |||
| Support | |||
| Screen-share Troubleshooting | 10 sessions/month | 1 session/month | 1 session/month |
| Done-for-your Upgrades | |||
| Priority Support | |||
| Legal and Procurement | |||
| Vendor onboarding forms / portal | |||
| Pay by PO | |||
| Payment terms | NET30 | No | No |
| Minor EULA tweaks | |||
| Optional NDA | |||
| Seats included | 5 users | 1 user | 1 user |
More than 1,179 InfoSec teams in 81 countries have simplified their workflow with Dradis since 2007.












Secure every account. Admins can enforce instance-wide MFA, and users get QR code setup with backup codes for easy onboarding.
Track every critical action across your Dradis instance - project access, permission changes, user activity, and authentication events - with exportable logs and configurable retention.
Get direct access to our engineering team with guaranteed response times and hands-on assistance for deployment, upgrades, and troubleshooting.
All Enterprise customers also get: email and in-app support, access to community forums, and weekday chat support with our engineering team.
We work with your procurement process - not against it. Get the contract terms and payment flexibility your organization requires.
Need something else? We're flexible. Talk to our team about custom procurement requirements.
Dradis is self-hosted: it runs on your on-premises servers, your private cloud account (AWS, Azure, or GCP), or a fully air-gapped network with no internet connection. There are no external calls and no vendor cloud dependency, so the platform functions completely offline.
Upgrades happen on your schedule, not ours. You can test a release in staging before production, and Enterprise customers can have our team handle configuration and upgrades for them. Air-gapped instances upgrade without an internet connection.
See the deployment guides for on-premises, private cloud, and air-gapped setups.
Dradis keeps a complete audit trail of critical actions across your instance (project access, permission changes, user activity, and authentication events) with a dedicated audit log UI for querying and CSV export for compliance reporting or archiving. In practice, audit logging evidence alone is usually enough to clear an internal security review.
On the platform side, Dradis is peer-reviewed and security-assessed before every release, runs automated vulnerability scanning in its CI/CD pipeline, and is built by the authors of the UK CPNI guide on secure web applications.
Because the core is open-source, your team can inspect exactly how it works rather than taking our word for it.
Your engagement data never leaves the infrastructure you control. No finding, screenshot, client name, or AI-assisted write-up is transmitted to us or any third party, which keeps assessment data inside your compliance boundary.
This directly supports requirements under FISMA, GDPR, HIPAA, NIS2, NIST 800-53, PCI-DSS, SOX, and SOC 2, where data residency or controlled-infrastructure rules would otherwise disqualify a multi-tenant cloud tool.
This is the one thing a cloud SaaS competitor cannot match: a hosted platform, by definition, sends your data to infrastructure the vendor controls.
Yes. Enterprise supports payment by purchase order with NET30 terms (no credit card required), vendor onboarding forms and portals, and annual, multi-year, or custom agreements.
We can sign your NDA or provide our standard one, and we work with your legal team on minor EULA adjustments for specific requirements. There are no per-seat minimums until the Enterprise tier, so procurement has an accessible entry point even within a cautious approval process.
If you need something we have not listed, talk to our team about custom procurement requirements or request a quote.
Dradis authenticates users through your existing identity provider (LDAP or Active Directory, SAML, Okta, or Entra ID) with no workarounds required.
Admins can enforce OTP-based multi-factor authentication instance-wide from the console, and MFA works with any OTP app (Google Authenticator, Authy, 1Password) or with Duo and Azure MFA. Access is governed by role-based access control and project-level permissions, so users only see the engagements they are assigned to.
Together this satisfies the authentication and least-privilege controls auditors look for under NIST IA-2, PCI-DSS 8.3, and similar frameworks.
Loading form...
Your email is kept private. We don't do the spam thing.