Netwarden
Free scan. No account needed.

Find the security holes attackers see.Get the exact fix for every one.

Netwarden scans your website and cloud accounts, then writes the exact fix for every problem it finds. Monitoring comes with it.

Results in under a minute.
Security

Find what is exposed, then actually fix it.

Netwarden scans your website and your cloud for the problems that get sites breached, then hands you the remediation for each one. Start with a free scan and see what turns up before you pay anything.

Scan your website

Checks your live site for exposed services, weak TLS, missing security headers, and known vulnerabilities, the same way an attacker would look at it.

Scan your cloud

Connect AWS, Azure, GCP, or Vercel and get a clear read on public buckets, over-broad permissions, and the misconfigurations that lead to breaches.

Fix it, not just find it

Every finding comes with a plain explanation and an AI-written fix you can apply, not a severity score and a link to go read about it.

DashboardHostsAlerts
CPU Usage23%
Memory4.2 GB
Network1.8 Mbps
Product

Hosts

A Linux monitoring agent that also runs a security audit on every host. CPU and memory metrics on one side, CVE matches and SSH posture on the other, in the same daemon.

web-01 · CPU34%
CVE-2024-7592 · openssl 3.0.11
  • Linux servers, containers, and the services on them
  • CVE alerts on the packages you have installed
  • Custom dashboards on any metric the agent reports
  • Email, push, and webhook alerts, routed by severity
Explore Hosts
ProductAlpha

Apps

Error tracking and dependency CVE alerts for the apps you ship. Plus lite analytics if you want them. No per-event bills, no SDK that ships its own runtime.

TypeError×142
Cannot read properties of undefined
app/checkout/page.tsx:47
lib/cart.ts:21
  • Sentry-shaped errors with source maps and breadcrumbs
  • Daily OSV.dev cross-reference across 8 ecosystems
  • Pageviews, custom events, one funnel per project
  • Same Bun binary as Hosts. Run it yourself.
Explore Apps

One-line install

curl on the server for Hosts, npm or pip for Apps. The agent writes its own config and starts reporting.

Alerts that actually fire

CVE matches on installed packages. Error spikes from your apps. Routed to email, push, or webhook by severity.

Service auto-discovery

On first boot, the agent finds Docker, Podman, MySQL, and PostgreSQL on the box and starts collecting from them.

Self-host or cloud

Run the same Bun binary on a $5 VPS, or sign up and we run it for you. Switching is the same binary, different host.

ONE COMMAND TO INSTALL

Paste the curl line. The agent does the rest.

It installs, discovers what is running on the box, and starts shipping metrics. Editing config is optional. If your box has Docker or PostgreSQL on it, those show up on their own.

$ curl -sSL get.netwarden.com | bash
Installing Netwarden agent v2.4.1...
Detecting services: postgres, mysql, docker
✓ Agent connected! Sending metrics to app.netwarden.com
✓ 3 services auto-discovered
✓ Dashboard ready at app.netwarden.com/hosts/web-01
Self-hosted, open beta

Run Netwarden on your own hardware in a couple of minutes

One Bun-compiled binary with SQLite inside. No Postgres to run, no Redis to babysit, no outbound calls required. Copy ./server to the box and start it. CVE scanning, dashboards, and alert dispatch all live in the same process. Air-gap it if you want.

$ curl -sSL get.netwarden.com/selfhosted/install.sh | bash
Downloading netwarden-server (linux-arm64)...
Initializing SQLite at /var/lib/netwarden/data.db
Server listening on :3000
CVE feeds synced · 14 finding types active

What is different here

Open-source agent

You can read what it collects, in Go, on GitHub.

Self-host whenever

If we go away or you stop trusting us, the same binary runs on your hardware.

Built in the US

Small team. No offshore support, no offshore data.

Apps · Alpha

Error tracking, plus a CVE radar for the packages you import

An error tracker that also runs an OSV.dev cross-reference on your package.json, requirements.txt, go.mod, and the rest. Errors are the day-to-day. The dependency CVE is the thing that ruins your weekend.

Sentry-shaped errors

Fingerprint dedup, source-map symbolication, breadcrumbs, and request context. The shape you are already used to.

OSV.dev CVE alerts on your deps

Daily cross-reference across npm, PyPI, RubyGems, Go, Cargo, Maven, NuGet, and Composer against the versions you actually shipped.

Lite analytics

Pageviews, cookieless visitors, custom events, one funnel per project. No replay. No flags.

Use cases

What teams actually use it for

Apps

Solo dev shipping a Vercel app

  • Drop the JS SDK in once, get fingerprinted errors with source maps
  • OSV.dev alerts when your `next` or `react` ships a security patch
  • Cookieless pageviews and a single funnel — without analytics bloat
Apps for developers
Hosts

Self-hosted homelab

  • One Bun binary, SQLite by default — no Postgres to operate
  • Air-gappable: ship the binary, run it, done
  • Auto-discovers Docker, Podman, MySQL, and PostgreSQL
Run it yourself
Hosts

WordPress agency

  • Drop-in plugin reports core, theme, and plugin versions
  • Monitor every client site from one dashboard
  • Alerts for outdated PHP, expired SSL, and plugin CVEs
WordPress plugin
Bundle

Small SaaS running both

  • Same agent reports on the host and on the app running on it
  • Pro Hosts plan includes Solo Apps free
  • Single binary self-hosts the whole stack
See the bundle
Self-Hosted

Air-gapped enterprise

  • Ship one binary into the secure zone, no outbound calls required
  • All security findings, alerts and dashboards run locally
  • SQLite by default; bring Postgres only if you want it
Self-hosted docs
MonthlyAnnuallySave 20%

Loading pricing plans...