Running a SecOps-NG workflow.
A SecOps-NG workflow is a Python process. There is no orchestrator cluster to install, no SaaS dependency to subscribe to, and no agent to host. The framework is designed to run wherever you can run Python.
The sovereign default
Reference deployments target European-resident, European-governed
infrastructure: EU-operated compute, EU-resident object storage,
and an EU-resident language model pinned through
secops_ng.config. The framework's default
configuration does not reach for non-EU endpoints. If you swap a
layer for a non-EU provider, that decision is visible in
configuration, not hidden in an SDK.
Shape of a deployment
- The framework — installed as a Python package from the open repository on GitHub.
- Your workflow — composed from primitives in secops_ng and runnable cookbook templates under workflows/.
- An inference endpoint — pinned via configure_default_lm to an EU-resident language model of your choice.
- An OpenTelemetry collector — receives spans from every node and tool call. The framework does not bundle a vendor.
- A checkpointer (optional) — SQLite for a single process, Postgres for a multi-process operator. State survives restarts when checkpointing is enabled.
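Because a provider swap shows up in configuration, an operator can audit the configured endpoints of each layer against a reviewed allowlist before a workflow starts. The sketch below is an added example, not code from SecOps-NG: the setting names, hosts and allowlist are constructed for illustration and do not reflect the framework's configuration schema.

```python
from urllib.parse import urlsplit

# Constructed sample: key names and hosts are illustrative, not the framework's schema.
DEPLOYMENT = {
    "inference_endpoint": "https://llm.eu-provider.example/v1",
    "otel_collector": "http://otel.internal.example:4318",
    "checkpointer": "postgresql://secops@db.eu-provider.example:5432/state",
    "object_storage": "https://s3.eu-provider.example.cdn-global.test/bucket",
}

# Assumption: an operator-maintained list of domains reviewed as EU-resident.
APPROVED = ("eu-provider.example", "internal.example")


def host_of(value):
    """Return the lowercase hostname of a URL-like setting, or None for local values."""
    parts = urlsplit(value)
    if not parts.scheme or not parts.hostname:
        return None  # e.g. a SQLite file path: no network egress to review
    return parts.hostname.rstrip(".").lower()


def is_approved(host, approved=APPROVED):
    """Match whole DNS labels only, so 'eu-provider.example.cdn-global.test'
    and 'noteu-provider.example' do not pass as 'eu-provider.example'."""
    return any(host == d or host.endswith("." + d) for d in approved)


def audit(deployment, approved=APPROVED):
    """Return {layer: host} for every layer whose endpoint is off the allowlist."""
    findings = {}
    for layer, value in deployment.items():
        host = host_of(value)
        if host is not None and not is_approved(host, approved):
            findings[layer] = host
    return findings


if __name__ == "__main__":
    for layer, host in audit(DEPLOYMENT).items():
        print(f"REVIEW {layer}: {host} is not on the approved list")
```

A hostname allowlist only confirms that the configured name was reviewed; where the host actually resides still has to be established when the entry is added to the list.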
A first run
The cookbook in workflows/ includes a runnable
vulnerability-triage template: a LangGraph state machine that
classifies a single finding through a DSPy reasoning step and
emits a typed recommendation. It is self-contained, heavily
commented, and safe by default — no destructive actions without
explicit confirmation.
Cloning the repository and running the template against a small synthetic finding is the fastest path to seeing every layer of the framework in motion.
Operational readiness, not vendor lock-in
The four layers — orchestration, contracts, LLM reasoning, observability — are independently swappable. The default combination is what the commons supports and writes documentation against, but operators are free to substitute a layer if a sovereign or community-maintained alternative fits better.
A dedicated sovereign quickstart guide — the shortest
path from a clean machine to a running reference workflow on
European infrastructure — is in progress. Until it lands, the
framework README on GitHub is the starting point.