Airgapped
Run Moderne air-gapped using the CLI, with access to LSTs, full recipe catalog, and agent tools. Your code and data stay under your own security controls.
Capabilities
The Lossless Semantic Tree, the full recipe catalog, the Moderne CLI, and the mass ingest and mass run pipelines. Your developers run recipes locally; the pipelines build and publish LSTs across your estate. No central Moderne service required.
The LST powers everything: the recipe catalog, semantic search across your estate, context resolution for coding agents via MCP, and DevCenter visualizations. The same foundation as the hosted Platform, run entirely inside your network.
Mass ingest and mass run pipelines integrate with the SCM, artifact repository, and CI/CD you already operate. Source code, recipes, LSTs, and analysis all stay inside your network. SOC 2 Type 2 boundaries, banking and insurance security reviews, and federal data-residency requirements don’t bend.
The pipelines
Two customizable pipelines integrate with the SCM, artifact repository, and CI/CD you already operate. No central Moderne service required.
Mass ingest clones every repository you specify, builds the Lossless Semantic Trees, and publishes them to your artifact repository. Runs on your infrastructure. Schedules through your CI/CD.
Mass run executes recipes across those LSTs from the Moderne CLI. Same recipe catalog as the hosted Platform. Same deterministic output. No outbound traffic.
Diffs land in your SCM. Telemetry flows into your existing BI portal. Customer-managed access controls govern who sees what. Nothing leaves your perimeter.
Scope of work
Run the work that keeps slipping, across every affected repository in your estate, without source code leaving your perimeter.
CVEs and zero-days fixed at the source, in every affected repository, not just flagged on a dashboard. SCA, SAST, OWASP Top 10, TLS, post-quantum cryptography. The fix arrives as a reviewed diff.
Spring, Jakarta EE, .NET, and the frameworks beneath them moved forward version by version, including the breaking changes that usually stall an upgrade.
Java, Kotlin, Python, C#, and JavaScript brought to current, from the JDK bump or runtime upgrade through the API changes it forces across your services.
End-of-life libraries replaced, vulnerable transitive dependencies pinned, and version drift across services pulled back into line.
Maven, Gradle, npm, and CI configuration kept current, along with the boilerplate that rots quietly until it blocks the next upgrade.
Data tables and dashboards feed your existing BI. Every recipe is reproducible, and every diff is signed off before it merges. Audit-ready by default.
Agent tools
DX delivers the same find, frame, fix, and govern loop to Claude Code, Cursor, Copilot, and any MCP-compatible agent over MCP, entirely inside your perimeter. No source code, context, or telemetry leaves your network.
Symbol-aware, trigram-indexed search built from the LST. Agents locate every real occurrence across your estate in milliseconds, with no follow-up reads.
Precomputed, compiler-accurate context (architecture, dependencies, code quality) ready before the session starts, so the agent stops paying a token tax on discovery.
Deterministic, LST-powered transformations the agent calls instead of guessing. One reviewable recipe lands the same edit across one repo or a hundred thousand.
One view across GitHub, GitLab, Bitbucket, and internal VCS, with bulk approve, merge, and close, so agent-driven change stays auditable and under control.
Proof
You need something scalable, deterministic, and explainable. That’s the only way to make progress across an estate this large.
What once required weeks of coordination across security, development, and QA could now be executed in hours.
It quickly became evident that Moderne was much better at doing a lot more than just basic vulnerability scanning.
Moderne has been a game-changer. It gave us the ability to modernize safely and at scale, without adding more burden to our developers.
Delivery
Moderne DX is one of three ways to put the platform to work. Pick the one that fits your environment and how much of the work you want to own.
We host the platform. Your engineers drive the change across the estate.
See the PlatformThe same engine, run air-gapped via the CLI inside your own network.
You’re hereWe bring the platform and the team, and we own the outcome on an ongoing basis.
See the Managed ServiceQuestions
On your own servers or VMs (such as EC2 or Azure VMs). The mass ingest and mass run pipelines integrate with your existing SCM, artifact repository (Artifactory, Nexus), and CI/CD systems.
No. DX runs fully air-gapped with no dependency on outbound internet access.
Moderne does not. In DX, your source code, your LSTs, and the recipes that run against them stay entirely inside your perimeter.
No. DX generates diffs that land in your SCM. Your developers review and merge.
Yes. The mass ingest pipeline you stand up for DX is the same one that powers the hosted Platform. The transition is supported if your security review eventually clears a hybrid SaaS deployment.
The same languages as the hosted Platform. Java, Kotlin, and Groovy across the JVM, plus Python, C#/.NET, and JavaScript/TypeScript. See the language support page for the current list.
Customer-managed. You handle access through your existing identity systems and SSO.
Bring Moderne inside your perimeter.
A solutions engineer will scope the rollout for your environment.
