Developer-first and agent-first runtime security. The SDLC trust layer for workstations, runners, build hosts, and coding agents.

EDAMAME continuously verifies identity, device posture, and context for every code interaction and build. Developers keep moving, leaders get proof, and the workstations, runners, and coding agents behind delivery stay protected without MDM/UEM lockdown or remote device control.

EDAMAME uses one trust layer across the SDLC, with specific product surfaces for workstations, CI/CD infrastructure, and fleet visibility:

EDAMAME Security and EDAMAME Posture share the same core intelligence and operate autonomously:

OBSERVE  →  Continuous monitoring of threats, network, traffic, and identity
ANALYZE  →  LLM-powered analysis with risk scoring and pattern recognition
DECIDE   →  auto_resolve (safe actions) or escalate (risky actions needing review)
ACT      →  Remediate threats, dismiss false positives, update whitelists
REPORT   →  Slack notifications, Hub dashboards, compliance reports

Key Principle: Human-in-the-loop safety. Risky decisions are escalated and all actions are reversible.

EDAMAME Security and EDAMAME Posture can use EDAMAME's managed LLM service through the EDAMAME Portal, eliminating the need for separate API keys:

Authentication:

• EDAMAME Security (GUI): OAuth sign-in through EDAMAME Portal
• EDAMAME Posture (CLI): API key via EDAMAME_LLM_API_KEY environment variable

Alternative Providers: Both products also support Claude (Anthropic), OpenAI, and Ollama (local) if you prefer bring-your-own LLM.

Documentation: EDAMAME Portal README | Portal Wiki

EDAMAME Security is your all-in-one tool to secure, understand, and prove your dev workstation, from OS to network. It delivers:

• Security Benchmarks: Assess against standards like CIS Benchmarks, SOC 2, and ISO 27001
• AI Assistant (Agentic System): Intelligent automation that analyzes and resolves security issues automatically with two operational modes: "Do It For Me" (fully automatic) and "Analyze & Recommend" (review before execution). Supports multiple LLM providers:
  • EDAMAME Portal LLM - Managed AI service with OAuth authentication via EDAMAME Portal; free and paying tiers (see portal.edamame.tech); zero API key management
  • Claude (Anthropic) - Detailed reasoning and nuanced security decisions (API key required)
  • OpenAI (GPT) - Fast responses and general-purpose analysis (API key required)
  • Ollama (Local) - Privacy-focused, runs entirely on your machine (no cloud dependency)
  • Automation Controls - Collapsible controls with live workflow status, Do It For Me/Analyze buttons, scheduling toggles (Auto run + Auto confirm), and inline cancel action
  • MCP Server - Streamable HTTP Model Context Protocol (MCP) server (configurable host/port, default localhost:3000) with PSK authentication (desktop builds only) enables external AI tools like Claude Desktop to securely access 19 security automation tools
  • Action History - Complete transparency via filterable action history, Confirm/Undo All, detailed reasoning, and deep links to related security views
• One-Click Remediation: Automatically fix common security issues without requiring deep security expertise
• Network Visibility: Built-in network scanning (inspired by 'Nmap') and traffic monitoring (inspired by 'Wireshark'). Anonymized, RAG-based analysis of device vulnerabilities and suspicious traffic sessions; ML-based traffic anomaly detection
• Digital Identity Management: Integrated with Have I Been Pwned for online identity management with AI analysis of security impact
• Certified Compliance Report Generation: Contractors required to prove their device meets baseline security requirements (SOC 2 or ISO 27001) can generate a compliance report with a single click.
• Privacy-first management: Connects to our no-MDM platform (edamame.tech), enabling continuous reporting of security posture and integration with access control to implement Zero Trust for code, secrets, and test data access.

Documentation: EDAMAME Security README | Security Wiki

• CLI or GUI Interface: Use the app interface or CLI commands (edamame_posture get-score, etc.) - they have equivalent functionality
• Self-Directed Assessment: Evaluate your workstation's security posture against industry standards independent of any central management
• Local-Only Controls: Enforce security policies without external dependencies or registration requirements
• Developer Workflow Integration: Add security gates to your personal CI/CD pipeline and coding agent infrastructure with exit-code-based controls

Protect your CI/CD runners, build hosts, self-hosted agent hosts, and personal repositories with powerful security tools:

• Available Tools:

  • CLI (EDAMAME Posture): For Windows, macOS, or Linux (GitHub)
  • GitHub Action (EDAMAME Posture GitHub Action): Seamless GitHub integration (GitHub)
  • GitLab Action: Integration for GitLab CI/CD workflows (GitLab)

• Installation Methods:

  • Linux quick install: curl --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/edamametechnologies/edamame_posture/main/install.sh | sh
  • Supports configuration arguments for automated setup with AI Assistant
  • Example: | sh -s -- --user USER --domain DOMAIN --pin PIN --claude-api-key KEY --agentic-mode auto
  • Linux: APT repository (Debian/Ubuntu/Raspbian), Alpine APK, or direct binary download
  • macOS: Homebrew (brew install --cask edamametechnologies/tap/edamame-posture) or direct binary download
  • Windows: Chocolatey (choco install edamame-posture) or direct binary download

1. Runner and Coding Agent Host Hardening

• Automatically scan for vulnerabilities and misconfigurations in your CI/CD and self-hosted coding agent environments
• Enforce minimum security scores on runners before allowing builds to proceed
• Apply automatic remediations to fix common security issues in ephemeral environments
• Let coding agents participate in runtime monitoring via MCP integration
• Example: edamame_posture check-policy 2.0 "encrypted disk disabled,critical vulnerability" "SOC 2"

2. Egress traffic control & anomaly detection

• Create whitelists based on normal build behavior to define allowed network connections
• Detect and block suspicious outbound connections that could indicate supply chain attacks
• Generate network audit trails for security verification and incident response
• Example: edamame_posture background-start-disconnected --network-scan --packet-capture --whitelist github_ubuntu

3. Pipeline Security Gates

• Fail builds when security posture doesn't meet requirements, preventing insecure code deployment
• Verify that code commits originated from properly secured environments
• Ensure network traffic conforms to defined whitelists during the build process
• Example: edamame_posture get-sessions (returns non-zero exit code if whitelist is violated)

Example GitHub Action for your personal repository:

- name: Setup EDAMAME Posture
  uses: edamametechnologies/edamame_posture_action@v1
  with:
    network_scan: true
    packet_capture: true
    auto_remediate: true
    edamame_minimum_score: 2.0
    custom_whitelists_path: ./.github/workflows/whitelist.json
    set_custom_whitelists: true

# Later, at workflow end:
- name: Verify network activity
  uses: edamametechnologies/edamame_posture_action@v1
  with:
    dump_sessions_log: true
    exit_on_whitelist_exceptions: true  # Fail pipeline if unauthorized network traffic is detected

Real-world scenario: During a build, your runner makes unexpected connections to unknown IP addresses or domains. EDAMAME detects this unauthorized egress traffic, fails the pipeline, and provides detailed logs showing what connections violated your whitelist — potentially preventing a supply chain attack or data exfiltration incident.

How EDAMAME detected CVE-2025-30066: When the popular GitHub Action tj-actions/changed-files was compromised in March 2025, attackers modified it to leak CI/CD secrets by making unauthorized network calls to fetch a malicious payload from gist.githubusercontent.com. EDAMAME's network monitoring detected this exact attack pattern during our security testing. By capturing all packet-level traffic from the CI runner and enforcing strict network whitelists, EDAMAME immediately flagged the suspicious outbound connection that other tools missed. This Zero Trust approach to CI/CD networking effectively prevented the payload from being executed, protecting thousands of repositories from credential theft — demonstrating why comprehensive network visibility is essential for modern supply chain security.

• Zero-Configuration Integration: Add security gates to your personal repositories with minimal setup
• Local Policy Enforcement: Define and enforce security standards without requiring external registration or connectivity
• Disconnected Network Monitoring: Monitor and enforce network traffic whitelists in your CI/CD pipeline
• Security Signatures: Add cryptographically verifiable security posture signatures to your commits and releases
• Automated Runner & Agent Hardening: Automatically secure CI/CD runners and coding agent servers, and respond to security posture changes
• Security Beyond Compliance: Address network risks with automated audits and integrated network scanning

Coding agents like Cursor, Claude Code, Claude Desktop, OpenClaw, OpenAI Codex, and Hermes execute shell commands, access credentials, install packages, and modify system configurations autonomously. They are among the most privileged processes on your workstation or server. EDAMAME Posture provides two complementary integration paths:

Path 1: Harden the Server Running Your Agent

Deploy EDAMAME Posture CLI on the server or workstation hosting your coding agent—the same way you would secure a self-hosted CI/CD runner:

• Continuous posture monitoring and scoring
• Automated hardening with agentic remediation (--agentic-mode auto)
• L7 traffic analysis and LAN scanning
• Human-in-the-loop escalation via Slack

Path 2: Let the Agent Watch Itself (MCP)

Connect your coding agent to EDAMAME Posture via Model Context Protocol (MCP). The agent queries real-time security signals and cross-references its declared intent against actual system behavior:

• Two-plane security: Correlate reasoning-plane intent (what the agent decided) with system-plane effects (what the machine did)
• Traffic divergence detection: Flag when the agent's actual network behavior doesn't match its stated actions
• Posture drift alerts: Surface before/after evidence when firewall state, remote access, or endpoint protection changes unexpectedly
• Self-monitoring: The agent continuously validates its own environment remains secure

Enhance your organization's security posture with team-focused capabilities:

• Cross-Team Standardization: Enforce consistent security policies across all development teams
• Security Visibility: Monitor security posture across your entire device fleet
• Policy Compliance Reporting: Generate aggregated compliance reports for auditors
• Conditional Access Controls: Automatically restrict access to sensitive systems based on security posture
• Centralized Policy Management: Define policies in EDAMAME Hub that apply across all pipeline runs
• Domain-Based Policy Checks: Ensure adherence to organization-wide standards
• Audit Trail: Generate comprehensive audit trails of security posture across your build environments
• Historical Verification: Verify that code was committed from compliant environments
• Tiered Security Controls: Progress from local checks to domain-managed policies as your security needs mature

Access the free plan of our SaaS service for enterprises, including a demo on a simulated domain: EDAMAME Hub. Create your domain, verify it, and onboard your users through the Onboarding tab.

Documentation: EDAMAME Hub README | Hub Wiki

EDAMAME's "reporting-only" architecture prevents remote control of endpoints, reducing legal and privacy liabilities while building trust and shared responsibility:

• Centralized Policy Management: Define and enforce security requirements through EDAMAME Hub
• Continuous Compliance: Track security posture across the development lifecycle
• No Admin Abuse: Ideal for contractors and third parties who remain confident and cooperative
• Zero Trust Access Control: Conditionally grant access to code, secrets, and test data based on security posture

EDAMAME integrates with your existing security infrastructure:

• Compatible with REST or GraphQL-supporting APIs for seamless integration
• Works with Identity Providers, Application Providers, and Network Access Control systems
• Only secure, recognized endpoints can access critical resources
• Learn more: Integrations

EDAMAME Core is the central engine that powers both EDAMAME Security and EDAMAME Posture. While closed source, it provides the high-performance primitives that underpin the SDLC trust layer:

• Cross-platform assessment engine: Consistent posture evaluation across macOS, Windows, and Linux
• Threat detection & scoring: Policy-driven findings compiled into a unified security score
• System configuration analysis: Deep OS checks with remediation orchestration
• Network visibility: LAN discovery, traffic monitoring, and session analysis
• Intelligent advisory system: Guided fixes with state tracking and progress monitoring
• Privileged operations via Helper: Secure separation for actions requiring elevated rights
• Optimized runtime: Async, resource-efficient implementation for desktop, CI/CD, and coding agent environments
• Service interface: RPC surface consumed by the app and developer CLI

See EDAMAME Core API for the full public API documentation covering architecture, 150+ RPC methods, event system, gRPC and MCP interfaces, feature flags, and multi-platform support.

OEM Licensing: EDAMAME Core is available for OEM integration into third-party products. Contact EDAMAME Technologies for licensing inquiries.

EDAMAME provides runtime behavioral monitoring for AI coding agents and developer IDEs through named integrations on EDAMAME Security and EDAMAME Posture surfaces:

EDAMAME maintains several open source projects that power the platform and can be used independently:

• Agent integrations (Cursor, Claude Code, Claude Desktop, OpenClaw, Codex, Hermes): Open source runtime behavioral monitoring packages that bridge each agent's transcripts to EDAMAME's divergence engine for two-plane security. See Agent Runtime Security above for repos and install paths.
• Threat Models: Public repository of security benchmarks, policies, whitelists/blacklists, and signatures used by the platform. See Threat Models Wiki.
• Flodbadd: Network visibility engine for packet capture, session analysis, whitelists/blacklists, and on-device anomaly detection. An example tool using it is Flodviddar.
• Undeadlock: Low-overhead diagnostics for async locks and maps to surface contention/deadlocks during development.
• Extended Isolation Forest: Our fork of the extended-isolation-forest Rust crate used for egress traffic ML anomaly detection.

Our system helper is fully open source:

• EDAMAME Helper: Privileged companion app that safely executes checks and remediation steps requiring elevated rights.

It relies on open source libraries:

• EDAMAME Models: Signature-based cloud data model manager with custom overrides and thread-safe access.
• EDAMAME Foundation: Core Rust library for posture assessment, threat models, secure helper IPC, scoring, and policy enforcement.

Our closed source EDAMAME Core (Rust) -- see EDAMAME Core API for public API documentation -- uses the following additional libraries:

• EDAMAME Backend: Complete list of data structures used to communicate with the backend.

The CLI wrappers for edamame_core are fully open source:

• GitHub Action / GitLab Action: CI/CD integrations to enforce posture and network controls in pipelines.
• EDAMAME CLI: Developer-friendly interface to EDAMAME core services with interactive RPC exploration. Available via APT (Debian/Ubuntu), APK (Alpine), Homebrew (macOS), Chocolatey (Windows), or direct binary download.
• EDAMAME Posture: Cross-platform CLI to assess posture, remediate issues, enforce policies, and generate compliance reports. Available via APT (Debian/Ubuntu), APK (Alpine), Homebrew (macOS), Chocolatey (Windows), or direct binary download.