EU sovereignty

Self-hosted vulnerability management,
with EU data sovereignty

Centraleyezer is a risk-based vulnerability management platform you can run entirely on your own infrastructure — Docker-deployed, air-gap capable, no call-home — or as SaaS hosted in the European Economic Area. Built by a European vendor for teams whose vulnerability data must not leave their jurisdiction.

Why teams choose the self-hosted route

Most vulnerability management platforms are SaaS-only, hosted under non-EU jurisdictions, with per-asset pricing. Centraleyezer inverts all three defaults:

Your infrastructure, your rules

Docker-based deployment in your data centre or cloud account. You control patching windows, backups, network policy, and access.

Air-gap capable

No runtime call-home. File-based scanner imports and offline enrichment updates keep fully isolated networks covered.

EEA SaaS when you want it

Prefer hosted? The SaaS tier runs in the European Economic Area — EU jurisdiction, EU data residency, €599/month.

Built for EU regulation

NIS2, DORA, ISO 27001, PCI-DSS, and CRA evidence mappings built in — by a European vendor (Sandline SRL, Romania).

Sovereign by architecture

Vulnerability data is a map of your weakest points. Self-hosting keeps it out of foreign jurisdictions entirely.

Same platform, every mode

Self-hosted, air-gapped, and SaaS run the same six-factor risk scoring, 40+ integrations, SLAs, and reporting.

Three deployment modes, one platform

 
EEA SaaS
Self-hosted
Air-gapped
Where data lives
EEA data centres
Your infrastructure
Your isolated network
Scanner connections
API + file import
API + file import
File import + offline updates
Feature set
Full platform
Full platform
Full platform
Pricing
€599/month, unlimited assets & users
Enterprise / MSSP, custom
Enterprise / MSSP, custom
Best for
Fast start, EU residency
Full control, existing infra
Defence, OT, classified networks

Common questions

Is Centraleyezer really self-hosted, or just "private cloud"?

Really self-hosted: Docker containers running in your own infrastructure — your data centre, your cloud account, or a fully air-gapped network. Nothing phones home; licence checks work offline.

Does self-hosting mean losing features versus the SaaS version?

No. Self-hosted Enterprise and MSSP deployments run the same platform as the EU SaaS — same scoring model, integrations, reporting, and API. The SaaS tier simply adds hosting (EEA data centres, 10 GB per tenant).

Can it run fully air-gapped?

Yes. Scanner results arrive as XML/JSON/CSV file imports where API connectivity is impossible, vulnerability enrichment data can be updated offline, and no external connectivity is required at runtime.

Where is the SaaS option hosted?

In the European Economic Area. Data does not leave the EEA, which keeps GDPR data-transfer analysis simple and satisfies EU-data-residency procurement requirements. Self-hosted deployments run wherever you choose.

Why does data residency matter for vulnerability data specifically?

A vulnerability database is a map of your weakest points. Under NIS2 and DORA, regulators and auditors increasingly ask where that data lives, who can access it, and under which jurisdiction. Keeping it in the EEA — or on your own premises — removes an entire category of findings.

Which scanners work in a self-hosted setup?

All 40+ integrations. Internal scanners (Nessus, OpenVAS, Security Center, Burp, Wazuh…) connect over the local network via API; anything else imports via XML/JSON/CSV with configurable field mappings.

Related: platform security · NIS2 compliance · MSSP multi-tenancy · pricing

Keep your vulnerability data at home

A 30-day self-hosted trial runs in your own infrastructure — your data never leaves.

Self-Hosted Vulnerability Management — EU Data Sovereignty | Centraleyezer