Security overview

BreachFix Cloud separates the control plane (API gateway) from the data plane (customer Docker workloads). Workspaces get isolated Docker networks and cgroup limits.

Current gaps

  • API rate limiting not implemented
  • Platform DDoS mitigation not built in — use Cloudflare at edge
  • SMTP port blocking is partial (cap drop only)
  • RBAC not enforced on team roles