Sign InStart Free
Netwarden
Sign InStart Free
One agent. Two products. Run it yourself.

Server monitoring.Error tracking for the apps on top.Same agent. Pay flat or self-host.

Hosts is a Linux monitoring agent that also flags CVEs against Ubuntu USN, Debian DSA, Red Hat OVAL, and OSV.dev. Apps (alpha) is an error tracker that pings you when one of your dependencies ships a security patch. Both ride in the same Bun binary, with SQLite inside.

Start freeSee pricing
HostsAppsOne Bun binary with SQLite. No outbound calls.
Product

Hosts

A Linux monitoring agent that also runs a security audit on every host. CPU and memory metrics on one side, CVE matches and SSH posture on the other, in the same daemon.

web-01 · CPU34%
CVE-2024-7592 · openssl 3.0.11
  • Linux servers, containers, and the services on them
  • CVE alerts on the packages you have installed
  • Custom dashboards on any metric the agent reports
  • Email, push, and webhook alerts, routed by severity
Explore Hosts
ProductAlpha

Apps

Error tracking and dependency CVE alerts for the apps you ship. Plus lite analytics if you want them. No per-event bills, no SDK that ships its own runtime.

TypeError×142
Cannot read properties of undefined
app/checkout/page.tsx:47
lib/cart.ts:21
  • Sentry-shaped errors with source maps and breadcrumbs
  • Daily OSV.dev cross-reference across 8 ecosystems
  • Pageviews, custom events, one funnel per project
  • Same Bun binary as Hosts. Run it yourself.
Explore Apps
DashboardHostsAlerts
CPU Usage23%
Memory4.2 GB
Network1.8 Mbps

One-line install

curl on the server for Hosts, npm or pip for Apps. The agent writes its own config and starts reporting.

Alerts that actually fire

CVE matches on installed packages. Error spikes from your apps. Routed to email, push, or webhook by severity.

Service auto-discovery

On first boot, the agent finds Docker, Podman, MySQL, and PostgreSQL on the box and starts collecting from them.

Self-host or cloud

Run the same Bun binary on a $5 VPS, or sign up and we run it for you. Switching is the same binary, different host.

ONE COMMAND TO INSTALL

Paste the curl line. The agent does the rest.

It installs, discovers what is running on the box, and starts shipping metrics. Editing config is optional. If your box has Docker or PostgreSQL on it, those show up on their own.

Get Started FreeRead the Docs
$ curl -sSL get.netwarden.com | bash
Installing Netwarden agent v2.4.1...
Detecting services: postgres, mysql, docker
✓ Agent connected! Sending metrics to app.netwarden.com
✓ 3 services auto-discovered
✓ Dashboard ready at app.netwarden.com/hosts/web-01
Self-hosted, open beta

Run Netwarden on your own hardware in a couple of minutes

One Bun-compiled binary with SQLite inside. No Postgres to run, no Redis to babysit, no outbound calls required. Copy ./server to the box and start it. CVE scanning, dashboards, and alert dispatch all live in the same process. Air-gap it if you want.

DownloadRead the docs
$ curl -sSL get.netwarden.com/selfhosted/install.sh | bash
Downloading netwarden-server (linux-arm64)...
Initializing SQLite at /var/lib/netwarden/data.db
Server listening on :3000
CVE feeds synced · 14 finding types active

What is different here

Open-source agent

You can read what it collects, in Go, on GitHub.

Self-host whenever

If we go away or you stop trusting us, the same binary runs on your hardware.

Built in the US

Small team. No offshore support, no offshore data.

Security

Most monitors watch uptime. This one watches your posture too.

The same agent that reports CPU and memory also flags CVE matches, weak SSH config, public-bound management ports, and failed-login bursts by country. 14 finding types, one inbox.

CVE alerts on installed packages

Matches your package inventory against Ubuntu USN, Debian DSA, Red Hat OVAL, and OSV.dev.

SSH config audit

Catches PermitRootLogin, password-only auth, weak host keys, and outdated ciphers on every connection.

Failed-login GeoIP

Alerts when failed logins burst from somewhere unexpected, scoped to a 60-second window.

Explore security features
Apps · Alpha

Error tracking, plus a CVE radar for the packages you import

An error tracker that also runs an OSV.dev cross-reference on your package.json, requirements.txt, go.mod, and the rest. Errors are the day-to-day. The dependency CVE is the thing that ruins your weekend.

Sentry-shaped errors

Fingerprint dedup, source-map symbolication, breadcrumbs, and request context. The shape you are already used to.

OSV.dev CVE alerts on your deps

Daily cross-reference across npm, PyPI, RubyGems, Go, Cargo, Maven, NuGet, and Composer against the versions you actually shipped.

Lite analytics

Pageviews, cookieless visitors, custom events, one funnel per project. No replay. No flags.

Explore Apps
Use cases

What teams actually use it for

Apps

Solo dev shipping a Vercel app

  • Drop the JS SDK in once, get fingerprinted errors with source maps
  • OSV.dev alerts when your `next` or `react` ships a security patch
  • Cookieless pageviews and a single funnel — without analytics bloat
Apps for developers
Hosts

Self-hosted homelab

  • One Bun binary, SQLite by default — no Postgres to operate
  • Air-gappable: ship the binary, run it, done
  • Auto-discovers Docker, Podman, MySQL, and PostgreSQL
Run it yourself
Hosts

WordPress agency

  • Drop-in plugin reports core, theme, and plugin versions
  • Monitor every client site from one dashboard
  • Alerts for outdated PHP, expired SSL, and plugin CVEs
WordPress plugin
Bundle

Small SaaS running both

  • Same agent reports on the host and on the app running on it
  • Pro Hosts plan includes Solo Apps free
  • Single binary self-hosts the whole stack
See the bundle
Self-Hosted

Air-gapped enterprise

  • Ship one binary into the secure zone, no outbound calls required
  • All security findings, alerts and dashboards run locally
  • SQLite by default; bring Postgres only if you want it
Self-hosted docs
MonthlyAnnuallySave 20%

Loading pricing plans...