Architecture Overview

Basirah's closed-loop remediation flow and platform design.

2 min read · For: Security Engineers Admins · Updated Mar 22, 2026 · Edit

Basirah is designed around a closed-loop remediation flow. Every vulnerability that enters the system is tracked through a deterministic lifecycle until it’s verified as fixed or explicitly accepted as risk.

The closed loop

Scanner telemetry
       |
  Ingest & normalize --> Deduplicated findings
       |
  Assign & track --> Work items (owned, SLA-governed)
       |
  Dispatch --> External tickets (Jira / ServiceNow / Linear)
       |
  Verify --> Re-scan confirmation
       |
  Evidence --> Audit-ready packages
       |
  Report --> Quantified risk reduction

Key design principles

Normalize everything. Findings from different scanners are translated into a common format and deduplicated. You work with one finding per vulnerability-asset pair regardless of how many scanners report it.

Track to verified closure. Work items carry SLA deadlines and require scanner-confirmed verification before closing. A ticket marked “Done” isn’t enough — Basirah confirms the vulnerability is actually gone.

Prove it happened. Every step in the remediation chain is recorded. Evidence packages bundle the full trail into auditable, integrity-verified artifacts.

Isolate tenants. Each organization’s data is fully isolated. Users in one organization can’t access another’s findings, work items, or configurations. MSSPs manage multiple tenants through a parent-child model.

Findings & Canonicalization

How scanner output becomes a single source of truth.

Work Items & SLA Governance

Owned remediation units tracked against deadlines.

Verification

Re-scan confirmation that a vulnerability is actually gone.