Skip to content

Portal tour

The SARC portal is the human-facing layer above Fides + ServiceNow + your CI + your cloud. Every change moves the same way: a commit builds Fides attestations (artifact/SBOM, security, deploy), the Fides change-gate scores the trail and returns a compliance verdict, a ServiceNow Change Request is created carrying that risk score plus the SBOM/SARIF evidence, qa auto-approves when compliant while prod goes to CAB, then ArgoCD deploys and Fides snapshots the environment. Below: every operator surface that exposes a step of that flow, grouped by purpose. Click any screen for the full-resolution view.

37 screens · grouped into 8 categories · watch the product demo + code-to-prod walkthrough for video.

Overview

The first three screens an operator sees on login — top-level posture, environment status, and DORA-style delivery metrics.

Operator dashboard
Operator dashboard KPI tiles for CR throughput, vuln backlog, evidence freshness, and incident status.
Environments
Environments Per-cloud, per-env health rollup. Fides env-snapshot freshness + drift detection in real time.
DORA metrics
DORA metrics Lead time, deploy frequency, MTTR, change-fail rate. Computed nightly via CronJob.

Pipelines, CRs, change windows

How software actually ships. Multi-CI pipeline view, ServiceNow CRs enriched with the Fides change-gate risk score + evidence, change-window enforcement at deploy time.

Pipelines
Pipelines Unified view across GitLab CI, GitHub Actions, and Azure DevOps. Status, duration, Fides trail link.
Change requests
Change requests ServiceNow CRs enriched with the Fides risk score (u_risk_score), SBOM, SARIF, and the Fides trail snapshot. qa auto-approves when compliant; prod goes to CAB.
Change windows
Change windows Calendar-synced (M365 + Google Workspace) approved-deploy windows. Enforced at the ArgoCD PreSync hook.
Problems
Problems ServiceNow Problem table — correlated with services, CRs, and incidents via the service graph.
Issue sync
Issue sync Three-way mirror: GitLab issues ⇄ GitHub Issues ⇄ ADO work items. Configured per-tenant.

Service catalog + graph + teams

The CMDB-style view of what runs where, who owns it, and how services depend on each other. Powers incident-to-service correlation.

Service catalog
Service catalog 23 services across internal infra, podtato mesh, and external integrations. Tier classification + ownership.
Service graph
Service graph Directed dependency graph. Drives the service-to-incident correlation that ServiceNow can't compute natively.
Teams
Teams Service ownership rolled up to teams for chargeback + escalation routing.

SBOM + vulnerabilities + scans

Vulnerability + supply-chain surface. Built on Fides attestations + GitLab Security scanners + Trivy + Grype + Checkov.

SBOM browser
SBOM browser CycloneDX SBOMs per component. Drill into a component to see license + provenance + cross-service usage.
Vulnerabilities
Vulnerabilities Redesigned 7-col table — combined SLA cell, KPI tiles, URL-persisted filters, drawer with CVE/NVD/OSV links.
Vuln SLO burndown
Vuln SLO burndown SLO-style burndown across SLA tiers. Cost-vuln correlation badge on each row.
Security scan runs
Security scan runs Per-pipeline scanner status across SAST, DAST, container, secret, dep, and IaC scanning.

Compliance + risk + controls + evidence

The auditor-facing surface. Framework cards, the 5-axis risk score, control mapping, policy gates, the Fides ground truth, and one-button evidence export.

Compliance dashboard
Compliance dashboard Coverage cards per framework: SOC 2, ISO 27001, DORA, PSD2, NIST 800-53, PCI-DSS, SOX.
5-axis risk score
5-axis risk score Per-CR risk clearance: change blast radius, vuln debt, evidence freshness, control coverage, behavioural pattern.
Control mapping
Control mapping Phase A/B/C redesign: KPI strip, evidence table, 8-group cross-link sidebar, window picker.
Kyverno policies
Kyverno policies PreSync policy gates enforced by ArgoCD. License compliance, vuln SLO, change-window enforcement.
Fides integration
Fides integration Live view of the self-hosted Fides ledger — attestations + trails + env snapshots. Quick drill from CR -> trail -> attestation -> evidence.
Evidence export
Evidence export One button: SOC 2 / ISO 27001 / DORA / PSD2 / NIST evidence pack PDF. Time-window bounded.

CMDB + releases

What we pushed into ServiceNow CMDB. Service catalog walk back into ServiceNow CIs, with the release-notes browser on top.

CMDB browser
CMDB browser CMDB CIs as pushed by SARC: cmdb_ci_service, cmdb_ci_deployment, OpenShift Build -> BuildConfig -> ImageStreamTag -> Routes.
Release notes
Release notes Per-deployment release notes derived from commits + closed issues. HTML version is what goes into the ServiceNow CR.

Clusters, GitOps, timeline, Tekton, costs

Day-to-day ops surface. Multi-cluster view, ArgoCD app status, real-time SSE timeline, optional Tekton dashboard, FinOps roll-up.

Clusters (multi-cloud)
Clusters (multi-cloud) AWS EKS + Azure AKS + GCP GKE + local k3d + ROSA OpenShift (read-only). Per-cluster health + capacity.
ArgoCD apps
ArgoCD apps ApplicationSets across all 3 clouds. Sync status, log stream, manual sync button.
Real-time timeline
Real-time timeline SSE-driven activity stream — every CR, every deploy, every audit event, live.
Performance
Performance Cluster + workload performance snapshot. Lightweight — opt-in per tenant.
Tekton dashboard
Tekton dashboard Live PipelineRun status via SSE + per-step log streaming. Trigger button ADMIN-gated.
Cost dashboard
Cost dashboard Per-service cloud cost + per-team chargeback + right-sizing recommendations + cost-vuln correlation.

Audit, users, notifications, settings

Admin + auditor surfaces. Hash-chained audit log, AUDITOR role with magic-link, notification routing, tenant configuration.

Audit log
Audit log Hash-chained AuditLog — every privileged action signed and chained to the previous entry.
Users + roles
Users + roles AUDITOR role (time-boxed magic-link, no SMTP needed). Tri-tab create modal: manual / invite / CSV.
Notifications
Notifications Per-tenant routing rules — Slack, Teams, email, ServiceNow, custom webhooks.
Settings (overview)
Settings (overview) Tile-based settings grid: integrations, frameworks, agents, observability targets, billing.
Settings — AI
Settings — AI Multi-provider LLM: Anthropic / Azure OpenAI / Bedrock / Vertex / on-prem. Per-tenant key.
Settings — Agents
Settings — Agents AgentRecipeBinding per CI (GitLab + GitHub + ADO). Recipes: vuln-suggest-fix, problem-investigate, right-sizing-apply.
Settings — Tekton
Settings — Tekton 10 cols across 5 cluster targets for Tekton-on-Kubernetes wiring.
Help + docs
Help + docs In-portal help surface — quick links to runbooks + the AUDITOR onboarding flow.

Want to talk through what you see?

The demo scripts walk through compliance-director, CTO, and CFO talk tracks against this same portal. The getting-started guide shows how to bring the same portal up in your own cloud in under an hour.