Trust Center
Security architecture
How Qtangl processes scan data, protects credentials, and signs reports.
Data flow
API requests authenticate with tenant API keys (hashed at rest). Scan jobs queue in Redis; workers execute discovery, persist bundles in Postgres per tenant, and run post-complete diff/alert/webhook pipelines.
Encryption
TLS in transit for all public endpoints. Integration secrets (Jira tokens) encrypt at rest when QTANGL_SECRETS_KEY is configured. Webhooks support optional HMAC signing.
Report integrity
Reports include content hashes and signatures (ML-DSA-65 or Ed25519). Verify at /verify.