One Platform. Seven Governance Modules.
ForgeHelm covers the full software governance lifecycle — from automated compliance reports to legacy modernization — with source code always staying on your network.
Designed for Security & Engineering Leadership
CTO / CIO: Portfolio-level compliance visibility, risk heat maps, trend dashboards
CISO: Framework coverage matrix, audit trail export, supply chain security (SBOM)
IT / DevSecOps: Automated scanning pipeline, codemod migration, data quality analysis
Seven Governance Modules
From compliance reports to legacy modernization — a single platform covers the full lifecycle.
Compliance Reports
Structured reports aligned to 20+ frameworks. Export as PDF, Excel, CSV, or Word in 5 languages.
- PDF, Excel, CSV, Word export
- 5-language report output
- ISO 31000, NIST RMF, ISO 27005 risk methods
- Framework coverage matrix
SBOM
CycloneDX / SPDX software bill of materials. Track dependencies, licenses, and known vulnerabilities.
- CycloneDX and SPDX formats
- Dependency vulnerability mapping
- License compliance tracking
- Supply chain risk visualization
Governance Dashboard
Hierarchical drill-down from tenant to subsystem. Compliance coverage, trend charts, and risk heat maps.
- Tenant → project → subsystem drill-down
- Compliance coverage trend charts
- Risk heat maps
- Multi-project comparison
Risk Questionnaire
Five-dimension maturity assessment (M1–M5). Radar chart visualization and AI-generated improvement recommendations.
- 5-dimension maturity model (M1–M5)
- Radar chart visualization
- AI-generated improvement recommendations
- Historical maturity tracking
AI ChatBot
A RAG-powered assistant that understands your governance context. Streaming responses, fully offline-capable.
- RAG-powered governance context
- Streaming response UI
- Fully offline-capable
- External or local LLM support
Tech Stack Migration
Automated codemod, before/after compliance comparison, version bookshelf for migration artifacts.
- Automated codemod transformation
- Before/after compliance comparison
- Version bookshelf for migration artifacts
- Multi-target tech stack support
Data Quality
Database object health analysis, redundancy detection, naming consistency, performance bottleneck identification.
- Database object health scoring
- Redundancy and duplication detection
- Naming convention consistency check
- Performance bottleneck identification
8-Axis Risk Fingerprint
Visual project health powered by real Agent scan data — not placeholder scores.
Five Agent dimensions (documentation, test coverage, dependency risk, security posture, tech debt) plus three SaaS governance dimensions form an at-a-glance radar chart for executives and engineering leads.
- Documentation completeness
- Test coverage
- Dependency risk
- Security posture
- Technical debt
- Compliance coverage (SaaS)
- Governance maturity (SaaS)
- Portfolio risk trend (SaaS)
FinOps Usage Transparency
No taxi-meter billing. Layered visibility by role.
End users: Plan name, available features, renewal date
Project leads: Report count, scan runs, ChatBot sessions
Administrators: Seat utilization, usage summary, trends
Enterprise: CSV/API export, departmental chargeback tags
Enterprise AI Deployment: Bring Your Own LLM (BYOL)
Run ForgeHelm's AI ChatBot on your own GPU cluster, Ollama instance, or vLLM service. Source code never leaves your perimeter. Works with OpenAI-compatible APIs and local models.
Security Architecture
Data Desensitization
Source code fragments are never transmitted. Only file names, line numbers, and summary counts leave the agent.
Role-Based Access Control
Granular RBAC: view, configure, export, and admin roles. Least-privilege enforced.
Multi-Tenant Isolation
Complete logical isolation between tenants. One codebase, no per-customer customization risk.
Immutable Audit Logs
Every login, policy change, report export, and data access is logged with who, when, what, and result.