---
title: Heimdall - Enterprise Security & Compliance Suite
slug: heimdall-security-suite
description: Multi-tenant AI security platform with scanning, compliance, and automation
status: Product
published: published
category: Security & Compliance
technologies:
  - Python
  - FastAPI
  - Next.js
  - PostgreSQL
  - Redis
  - AWS
github: https://github.com/macleodlabs/heimdall
website: https://checkcode.dev
date: 2025-01-15
featured: true
hero: true
logo: media/img_3662.png
---
# Heimdall - Enterprise Security & Compliance Suite
Multi-tenant security orchestration platform combining vulnerability scanning, compliance management, credential automation, and third-party integrations.
## Architecture Overview

```mermaid
graph TB
    subgraph "Frontend Layer"
        UI[Heimdall UI<br/>Next.js Dashboard]
    end

    subgraph "Orchestration Layer"
        ORCH[Heimdall Orchestrator<br/>Workflow Engine]
        TASK[Heimdall Task<br/>Async Jobs]
    end

    subgraph "Integration Layer"
        INT[Heimdall Integrations<br/>GitHub, AWS, etc.]
        CRED[Credits Server<br/>Usage Tracking]
    end

    subgraph "Infrastructure"
        INFRA[Heimdall Infra<br/>AWS CDK + ECS]
        DB[(PostgreSQL<br/>Multi-tenant)]
        CACHE[(Redis<br/>Job Queue)]
        SECRETS[AWS Secrets<br/>Manager]
    end

    UI --> ORCH
    ORCH --> TASK
    ORCH --> INT
    INT --> SECRETS
    TASK --> DB
    TASK --> CACHE
    ORCH --> CRED
    INFRA -.deploys.-> UI
    INFRA -.deploys.-> ORCH
    INFRA -.deploys.-> TASK
```
## Core Components

### 1. Heimdall UI
Modern Next.js dashboard with:
- Agency/White-Label Mode - Multi-tenant branding
- Compliance Matrix - Visual regulation mapping
- Architecture Diagrams - System visualization
- Trial Management - PropelAuth integration
- Modular Architecture - Package-based structure
Tech Stack:

```json
{
  "framework": "Next.js 14",
  "auth": "PropelAuth",
  "styling": "Tailwind CSS",
  "components": "Shadcn/ui",
  "i18n": "next-intl"
}
```
### 2. Heimdall Orchestrator
Workflow execution engine:
- Multi-tenant Isolation - Schema-based separation
- Async Processing - TaskIQ workflows
- Parallel Execution - DAG-based dependencies
- Error Recovery - Circuit breakers + retries
Workflow Example:

```python
import asyncio

from taskiq_redis import ListQueueBroker

# Redis-backed TaskIQ broker; the tasks below are registered against it.
broker = ListQueueBroker(url="redis://localhost:6379")

# git_service, dedup_service and the three scanner coroutines are Heimdall
# services wired in elsewhere; they are not shown on this page.


@broker.task
async def security_scan_workflow(tenant_id: str, repo_url: str):
    # tenant_id selects the tenant's schema and prefixes for storage
    # Clone repository with caching
    repo = await git_service.clone_cached(repo_url)
    # Execute scanners in parallel
    results = await asyncio.gather(
        vulnerability_scan(repo),
        code_quality_scan(repo),
        compliance_check(repo),
    )
    # Deduplicate and store
    await dedup_service.process(results)
    return results
```
### 3. Heimdall Task
Distributed job processing:
- TaskIQ Integration - Redis-backed queue
- Background Jobs - Long-running scans
- Scheduled Workflows - Cron-based execution
- Dead Letter Queue - Failed job handling
### 4. Heimdall Integrations
Generic integration framework:
- GitHub App - Repository access
- AWS Secrets - Credential management
- Pluggable Architecture - Easy extensions
- Multi-tenant Config - Per-customer settings
Integration Interface:

```python
from typing import Dict, List

from heimdall_integrations.core import BaseIntegration
# Assumed import path: the page does not show where the Repository model lives.
from heimdall_integrations.models import Repository


class GitHubIntegration(BaseIntegration):
    category = "git"

    async def authenticate(self, config: Dict) -> bool:
        # OAuth flow with token management
        raise NotImplementedError

    async def fetch_repos(self, org: str) -> List[Repository]:
        # Paginated API calls with caching
        raise NotImplementedError
```
### 5. Heimdall Infra
AWS deployment automation:
- CDK Stacks - Infrastructure as Code
- ECS/Fargate - Container orchestration
- OIDC Auth - GitHub Actions integration
- Monitoring - CloudWatch + alarms
CDK Stack:

```python
from aws_cdk import Stack
from aws_cdk import aws_ecs as ecs
from aws_cdk import aws_ecs_patterns as ecs_patterns
from aws_cdk import aws_rds as rds
from constructs import Construct


class HeimdallStack(Stack):
    def __init__(self, scope: Construct, id: str, **kwargs):
        super().__init__(scope, id, **kwargs)
        # Multi-tenant database with schema isolation
        self.rds = rds.DatabaseInstance(...)
        # ECS cluster with auto-scaling
        self.cluster = ecs.Cluster(self, "HeimdallCluster")
        # Fargate services for each component
        self.ui_service = ecs_patterns.ApplicationLoadBalancedFargateService(...)
        self.orchestrator_service = ecs.FargateService(...)
```
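The "OIDC Auth" item above is only as strong as the role's trust policy: GitHub issues tokens for every repository from the same issuer, so a deploy role that checks the audience but not the `sub` claim can be assumed by any workflow on GitHub. The following is an added example, not Heimdall's infrastructure code. It builds the trust policy for a deploy role and evaluates token claims against it the way STS does, so the restriction can be unit-tested before `cdk deploy`. The account number, repository and refs are placeholders; the claim names and the condition keys are the documented ones for `token.actions.githubusercontent.com`.

```python
import re

GITHUB_OIDC = "token.actions.githubusercontent.com"


def trust_policy(account: str, repo: str, refs: list) -> dict:
    """Trust policy for the deploy role: only tokens minted for `repo` on one
    of `refs` may call AssumeRoleWithWebIdentity. Without the sub condition
    any GitHub repository could assume the role, because every repository's
    tokens come from the same issuer."""
    provider_arn = f"arn:aws:iam::{account}:oidc-provider/{GITHUB_OIDC}"
    subjects = [f"repo:{repo}:ref:{ref}" for ref in refs]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {f"{GITHUB_OIDC}:aud": "sts.amazonaws.com"},
                "StringLike": {f"{GITHUB_OIDC}:sub": subjects},
            },
        }],
    }


def _string_like(pattern: str, value: str) -> bool:
    """IAM StringLike semantics: '*' matches any run of characters, '?' one."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern
    )
    return re.fullmatch(regex, value) is not None


def _as_list(v):
    return v if isinstance(v, list) else [v]


def claims_allowed(policy: dict, claims: dict) -> bool:
    """Evaluate the policy's Allow statements against decoded token claims:
    every condition key in a statement must hold for that statement to match."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        cond = stmt.get("Condition", {})
        holds = True
        for key, wanted in cond.get("StringEquals", {}).items():
            claim = claims.get(key.rsplit(":", 1)[1])   # "<issuer>:aud" -> "aud"
            holds &= claim in _as_list(wanted)
        for key, wanted in cond.get("StringLike", {}).items():
            claim = claims.get(key.rsplit(":", 1)[1], "")
            holds &= any(_string_like(p, claim) for p in _as_list(wanted))
        if holds:
            return True
    return False


if __name__ == "__main__":
    # Placeholder account and the repository named in this page's frontmatter.
    policy = trust_policy("123456789012", "macleodlabs/heimdall", ["refs/heads/main"])
    token = {"aud": "sts.amazonaws.com",
             "sub": "repo:macleodlabs/heimdall:ref:refs/heads/main"}
    print(claims_allowed(policy, token))                                          # True
    print(claims_allowed(policy, {**token, "sub": "repo:evil/fork:ref:refs/heads/main"}))  # False
```

Two points worth keeping in mind when wiring this into the CDK stack's role principal: a workflow triggered by a `pull_request` event presents `repo:<org>/<repo>:pull_request` as its subject, which a branch-pinned pattern rejects (the right outcome for a role that can deploy), and a wildcard such as `refs/tags/v*` should be used only where tag creation is itself restricted.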
### 6. Credits Server
Usage tracking and billing:
- API Metering - Request counting
- Tenant Quotas - Usage limits
- Billing Integration - Stripe/invoicing
- Analytics - Usage dashboards
## Key Features

### Multi-Tenant Architecture

```text
┌─────────────────────────────────────┐
│ Tenant A                            │
│ ├── Schema: tenant_a                │
│ ├── S3 Prefix: tenants/a/           │
│ ├── Secrets: heimdall/tenant-a/*    │
│ └── Credits: 10,000 remaining       │
├─────────────────────────────────────┤
│ Tenant B                            │
│ ├── Schema: tenant_b                │
│ ├── S3 Prefix: tenants/b/           │
│ ├── Secrets: heimdall/tenant-b/*    │
│ └── Credits: 5,000 remaining        │
└─────────────────────────────────────┘
```
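Schema-per-tenant isolation has one property a practitioner should check: PostgreSQL's `search_path` cannot be bound as a query parameter, so the tenant identifier ends up interpolated into SQL, and a pooled connection keeps whatever `search_path` the previous request set unless it is scoped to the transaction. The example below is added here and is not Heimdall's code. It derives the schema, S3 prefix and Secrets Manager prefix shown above from one strictly validated tenant id, pins the schema with `SET LOCAL` inside a transaction, and emits the IAM policy that limits a tenant's jobs to its own secrets prefix. `TenantScope`, `tenant_scope`, `search_path_sql`, `secrets_policy` and `run_in_tenant` are hypothetical names; `RecordingConnection` is a constructed stand-in for a DB-API connection so the block runs without a database.

```python
import json
import re
from dataclasses import dataclass

# search_path cannot be sent as a bound query parameter, so the tenant id is
# validated as a plain lowercase identifier before it is interpolated into SQL.
_TENANT_ID = re.compile(r"[a-z][a-z0-9_]{0,30}")


@dataclass(frozen=True)
class TenantScope:
    tenant_id: str
    schema: str
    s3_prefix: str
    secrets_prefix: str


def tenant_scope(tenant_id: str) -> TenantScope:
    """Derive every per-tenant namespace from one validated identifier."""
    if not _TENANT_ID.fullmatch(tenant_id):
        raise ValueError(f"invalid tenant id: {tenant_id!r}")
    return TenantScope(
        tenant_id=tenant_id,
        schema=f"tenant_{tenant_id}",
        s3_prefix=f"tenants/{tenant_id}/",
        secrets_prefix=f"heimdall/tenant-{tenant_id}/",
    )


def search_path_sql(scope: TenantScope) -> str:
    """SET LOCAL is undone at transaction end, so a pooled connection cannot
    carry one tenant's search_path into the next request. The schema is
    double-quoted so it is always read as exactly one identifier."""
    return f'SET LOCAL search_path TO "{scope.schema}", pg_catalog'


def secrets_policy(scope: TenantScope, region: str, account: str) -> dict:
    """IAM policy for the task role that runs one tenant's jobs: it may read
    secrets under that tenant's prefix and nothing else."""
    arn = (f"arn:aws:secretsmanager:{region}:{account}:secret:"
           f"{scope.secrets_prefix}*")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["secretsmanager:GetSecretValue"],
            "Resource": arn,
        }],
    }


def run_in_tenant(conn, scope: TenantScope, query: str, params=()):
    """Execute one query inside a transaction pinned to the tenant schema.
    `conn` is any DB-API 2.0 connection with autocommit off (psycopg in real
    use), so the first execute opens the transaction that SET LOCAL needs."""
    cur = conn.cursor()
    try:
        cur.execute(search_path_sql(scope))
        cur.execute(query, params)
        rows = cur.fetchall()
        conn.commit()
        return rows
    except Exception:
        conn.rollback()
        raise


class RecordingConnection:
    """Constructed stand-in for a DB-API connection: records the statements
    it is given so the ordering can be checked without a live PostgreSQL."""

    def __init__(self, rows):
        self.rows, self.executed, self.committed = rows, [], False

    def cursor(self):
        return self

    def execute(self, sql, params=()):
        self.executed.append((sql, tuple(params)))

    def fetchall(self):
        return list(self.rows)

    def commit(self):
        self.committed = True

    def rollback(self):
        self.committed = False


if __name__ == "__main__":
    scope = tenant_scope("acme")
    conn = RecordingConnection([("finding-1",)])
    run_in_tenant(conn, scope, "SELECT id FROM findings WHERE severity = %s", ("high",))
    print(conn.executed[0][0])
    print(json.dumps(secrets_policy(scope, "us-east-1", "123456789012"), indent=2))
```

The identifier allow-list is the control that matters: an id such as `a"; DROP SCHEMA public` is rejected before it reaches `search_path_sql`, and the tenant id itself should come from the authenticated principal (the PropelAuth organisation), never from a request body.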
### Security Scanning Pipeline

```text
Trigger → Clone Repo → Parallel Scans → Deduplication → Storage
                            ├── Vulnerability
                            ├── Code Quality
                            ├── Secrets Detection
                            └── Compliance Check
```
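The two stages that decide what the dashboard ends up showing are the parallel fan-out and the deduplication behind it: if one scanner crashes, the other scanners' findings must still be stored, and a secret reported by both the secrets detector and the SAST scanner must collapse into one finding. The following is an added example, not Heimdall's `dedup_service`; `Finding`, `fingerprint`, `run_scanners`, `dedup` and `pipeline` are hypothetical names, the three scanners are constructed stand-ins that return hard-coded sample findings, and the scanners are assumed to map their native rule ids onto one shared rule taxonomy.

```python
import asyncio
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    scanner: str    # tool that reported it
    rule: str       # shared rule taxonomy the scanners are assumed to map onto
    path: str
    line: int
    severity: str
    snippet: str


SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


def fingerprint(f: Finding) -> str:
    """Identity of a finding that does not depend on which scanner found it.
    The snippet is whitespace-normalised so formatting differences between
    tools do not split one issue in two, and the line number is left out so
    an unrelated edit above the finding does not reopen it."""
    canon = " ".join(f.snippet.split())
    digest = hashlib.sha256(f"{f.rule}\0{f.path}\0{canon}".encode()).hexdigest()
    return digest[:16]


async def run_scanners(scanners, repo_path):
    """Run every scanner concurrently. With return_exceptions=True a crashing
    scanner becomes an error entry instead of cancelling the others, so the
    findings that did succeed are still stored and the failure stays visible."""
    results = await asyncio.gather(
        *(scan(repo_path) for scan in scanners), return_exceptions=True
    )
    findings, errors = [], {}
    for scan, result in zip(scanners, results):
        if isinstance(result, BaseException):
            errors[scan.__name__] = repr(result)
        else:
            findings.extend(result)
    return findings, errors


def dedup(findings):
    """Merge findings with the same fingerprint, keeping the highest severity
    reported and the list of scanners that agreed (useful triage evidence)."""
    merged = {}
    for f in findings:
        key = fingerprint(f)
        entry = merged.get(key)
        if entry is None:
            merged[key] = {"finding": f, "scanners": [f.scanner]}
            continue
        entry["scanners"].append(f.scanner)
        if SEVERITY_RANK[f.severity] > SEVERITY_RANK[entry["finding"].severity]:
            entry["finding"] = f
    return merged


# Constructed scanners standing in for the real tools; repo_path is unused.
async def secrets_scanner(repo_path):
    return [Finding("secrets", "hardcoded-secret", "app/settings.py", 12, "high",
                    'DB_PASSWORD = "hunter2"')]


async def sast_scanner(repo_path):
    await asyncio.sleep(0)  # yield once, as a subprocess-backed scanner would
    return [
        Finding("sast", "hardcoded-secret", "app/settings.py", 12, "critical",
                'DB_PASSWORD  =  "hunter2"'),   # same issue, different spacing
        Finding("sast", "sql-injection", "app/db.py", 40, "high",
                'cur.execute("SELECT * FROM t WHERE id=" + uid)'),
    ]


async def compliance_scanner(repo_path):
    raise RuntimeError("policy bundle not found")


def pipeline(repo_path="/tmp/repo"):
    """Parallel-scan and deduplication stages of the pipeline above."""
    scanners = [secrets_scanner, sast_scanner, compliance_scanner]
    findings, errors = asyncio.run(run_scanners(scanners, repo_path))
    return dedup(findings), errors


if __name__ == "__main__":
    merged, errors = pipeline()
    for entry in merged.values():
        f = entry["finding"]
        print(f"{f.severity:8} {f.rule:18} {f.path}:{f.line}  via {entry['scanners']}")
    print("scanner errors:", errors)
```

On the sample input the two `hardcoded-secret` reports collapse into one finding at `critical` (the higher of the two severities) attributed to both scanners, the SQL injection finding stays separate, and the compliance scanner's failure is returned alongside the findings rather than discarding them; the workflow in the orchestrator section uses a plain `asyncio.gather`, which would instead raise on the first scanner failure.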
### Compliance Automation
- Regulation Mapping - SOLAS, IEC, ISO, ABS standards
- Control Survey - Automated compliance checks
- Report Generation - PDF export with evidence
- AI Explanations - Natural language insights
### Performance Metrics
- Scan Time: 2-5 minutes for typical repositories
- Concurrent Tenants: 100+ with schema isolation
- Throughput: 1000+ scans/hour with auto-scaling
- Uptime: 99.9% SLA with health checks
## Deployment Options

### Docker Compose (Development)

```bash
docker-compose up -d
# Access UI at localhost:3000
```

### AWS (Production)

```bash
cd heimdall_infra
cdk deploy --all
# Deploys complete infrastructure
```

### Kubernetes (Enterprise)

```bash
kubectl apply -f k8s/
# Helm charts available
```
## Use Cases

### 1. Continuous Security Monitoring

Automated scans on every commit with PR integration and Slack notifications.

### 2. Compliance Auditing

Track regulatory compliance across multiple repositories with evidence collection.

### 3. White-Label Security Platform

Resell as a branded security solution with per-customer customization.

### 4. DevSecOps Integration

Embed security checks in CI/CD pipelines with GitHub Actions integration.
## Technical Highlights
- PostgreSQL Schema Isolation - True multi-tenancy without database proliferation
- TaskIQ Workflows - Type-safe async job processing with retry logic
- AWS CDK - Complete infrastructure automation; the stack shown above uses the Python CDK bindings
- Next.js App Router - Modern React with server components
- PropelAuth - Enterprise SSO with org management
## Status

Production-ready multi-tenant security platform with six components working in concert. Deployed on AWS with full automation and monitoring.

Part of MacLeod Labs Enterprise Security Portfolio