Self-hosted vulnerability management,
with EU data sovereignty
Centraleyezer is a risk-based vulnerability management platform you can run entirely on your own infrastructure โ Docker-deployed, air-gap capable, no call-home โ or as SaaS hosted in the European Economic Area. Built by a European vendor for teams whose vulnerability data must not leave their jurisdiction.
Why teams choose the self-hosted route
Most vulnerability management platforms are SaaS-only, hosted under non-EU jurisdictions, with per-asset pricing. Centraleyezer inverts all three defaults:
Your infrastructure, your rules
Docker-based deployment in your data centre or cloud account. You control patching windows, backups, network policy, and access.
Air-gap capable
No runtime call-home. File-based scanner imports and offline enrichment updates keep fully isolated networks covered.
EEA SaaS when you want it
Prefer hosted? The SaaS tier runs in the European Economic Area โ EU jurisdiction, EU data residency, โฌ599/month.
Built for EU regulation
NIS2, DORA, ISO 27001, PCI-DSS, and CRA evidence mappings built in โ by a European vendor (Sandline SRL, Romania).
Sovereign by architecture
Vulnerability data is a map of your weakest points. Self-hosting keeps it out of foreign jurisdictions entirely.
Same platform, every mode
Self-hosted, air-gapped, and SaaS run the same six-factor risk scoring, 40+ integrations, SLAs, and reporting.
Three deployment modes, one platform
Common questions
Is Centraleyezer really self-hosted, or just "private cloud"?
Really self-hosted: Docker containers running in your own infrastructure โ your data centre, your cloud account, or a fully air-gapped network. Nothing phones home; licence checks work offline.
Does self-hosting mean losing features versus the SaaS version?
No. Self-hosted Enterprise and MSSP deployments run the same platform as the EU SaaS โ same scoring model, integrations, reporting, and API. The SaaS tier simply adds hosting (EEA data centres, 10 GB per tenant).
Can it run fully air-gapped?
Yes. Scanner results arrive as XML/JSON/CSV file imports where API connectivity is impossible, vulnerability enrichment data can be updated offline, and no external connectivity is required at runtime.
Where is the SaaS option hosted?
In the European Economic Area. Data does not leave the EEA, which keeps GDPR data-transfer analysis simple and satisfies EU-data-residency procurement requirements. Self-hosted deployments run wherever you choose.
Why does data residency matter for vulnerability data specifically?
A vulnerability database is a map of your weakest points. Under NIS2 and DORA, regulators and auditors increasingly ask where that data lives, who can access it, and under which jurisdiction. Keeping it in the EEA โ or on your own premises โ removes an entire category of findings.
Which scanners work in a self-hosted setup?
All 40+ integrations. Internal scanners (Nessus, OpenVAS, Security Center, Burp, Wazuhโฆ) connect over the local network via API; anything else imports via XML/JSON/CSV with configurable field mappings.
Related: platform security ยท NIS2 compliance ยท MSSP multi-tenancy ยท pricing