hngopher.com

       [HN Gopher] Show HN: Assertly - scriptable monitoring for infose...
       ___________________________________________________________________
        
       Show HN: Assertly - scriptable monitoring for infosec, IT,
       compliance, DevOps
        
       Hey HN!  Jaka here, solo founder of Assertly
       (https://www.assertly.com). Assertly is a monitoring tool for
       continuous infosec, IT, compliance and DevOps regression testing.
       It enables teams to automate periodic checks using JavaScript.
       Before Assertly, I was the CTO of Celtra (https://celtra.com), a
       B2B SaaS company, for over 10 years, from "git init" to 250 people
       and the company's sale to private equity. I was primarily
       responsible for product strategy, engineering, QA, DevOps, but also
       for IT and InfoSec.  I found that ensuring security, integrity,
       privacy, and compliance in peripheral and internal IT systems was
       often harder than for our core product. While for the latter we
       would write tests and rely on our CI/CD pipeline, for other
       systems, things would be written up in policies where adherence is
       hoped for but rarely verified. If it is verified, it is done so
       manually and infrequently (e.g. quarterly). More laborious, while
       giving less assurance.  Today, If you want to automate, you can use
       scheduled GitHub Actions, but the trial-and-error process is slow
       and the alerting system is inflexible--it's just not designed for
       this purpose. Synthetic monitoring tools are better, but limited
       when you need to go beyond frontend. So I created Assertly.
       Assertly lets you automate checks with minimal overhead. It's like
       Google Docs--click "New" and you're writing a script. You get real-
       time alerts and a simple dashboard to see current and historical
       compliance. Common use cases include user access control, GDPR
       compliance, and network security checks. See some example code
       here: https://www.assertly.com/examples.  Companies using Assertly
       experience a 46% reduction in costs related to misconfiguration,
       incidents, bugs, and non-compliance. 73.6% of all statistics are
       made up.  For the technically curious: The scripts each run in its
       own VM (on ECS Fargate) so they're securely isolated for when you
       need to touch sensitive data. You can install any tool, e.g. a CLI
       client or a port scanner. We keep a pool of VMs ready for sub-
       second run latencies. Assertly itself is written in Rust and React.
       Here is the link to sign up & try for free:
       https://www.assertly.com/pricing. If you'd like to get past the
       credit card barrier, mail me at jaka@assertly.com and I will
       manually provision an account for you.  I'm excited to launch
       Assertly and would love to hear your feedback. How do you get peace
       of mind if not through automation? Is there something you'd
       automate if the overhead were zero? Are there use cases have
       missed? Let me know your thoughts!
        
       Author : JakaJancar
       Score  : 32 points
       Date   : 2024-09-05 13:20 UTC (9 hours ago)
        
 (HTM) web link (www.assertly.com)
 (TXT) w3m dump (www.assertly.com)
        
       | jess-zhang wrote:
       | curious how's this different from pingdom, datadog etc?
        
         | JakaJancar wrote:
         | Pingdom (original), Checkly, etc. are for monitoring your
         | websites, from "outside", with a focus on availability (super
         | frequent checks, from different geos, ...).
         | 
         | Datadog, New Relic, Pingdom APM, etc. are for monitoring your
         | production environments, from "inside", deeply integrate with
         | your code, with a focus on availability and troubleshooting
         | (stack traces, distributed tracing, ...).
         | 
         | Assertly is for monitoring of your systems (production, or
         | custom in-house internal, or licensed SaaS) and making sure
         | they behave in a way they're supposed to, with a focus on
         | security, integrity, compliance (more complex, customized
         | checks that run for example daily).
        
       | spuzvabob wrote:
       | Congrats on the launch! The usage examples make a lot of sense,
       | I'm wondering if you plan to provide preconfigured
       | implementations for the most common checks or is custom coding
       | the only option?
        
         | JakaJancar wrote:
         | If AI can code anything, it should certainly be these small
         | scripts. This is the current area of exploration.
        
       | gregorfartek wrote:
       | Great stuff! Congrats on the launch!
        
       ___________________________________________________________________
       (page generated 2024-09-05 23:01 UTC)