Self-Hosted · Open Platform · Enterprise Ready

Everything
your IT team
actually needs.

Uptime monitoring, security scanning, DORA metrics, CVE tracking, breach detection, Cloudflare Fight Mode — unified in one platform. Deploy in minutes, own your data forever.

Coming Soon
Explore Features
Docker Compose deploy
No per-seat pricing
Your data, your servers
r9ops.com — Dashboard
api.production.com 99.98% UP
dashboard.myapp.io 100% UP
auth.internal.net 97.2% SLOW
payments-gateway.io 99.99% UP
cdn.staging.myapp.io 94.1% DOWN
24
Monitors
99.4%
Overall Uptime
3
Active CVEs
Security Watchlist — Recent CVEs
HIGH Nginx 1.18.x — CVE-2024-7347 2d ago
MED PostgreSQL 14.x — CVE-2024-4317 5d ago
LOW Node.js 18.x — CVE-2024-22019 1w ago
0
Monitoring modules
0
Integrations & tools
5
Deploy time with Docker
0
Per-seat cost, forever
Platform Overview

One platform.
Every tool your team needs.

R9ops replaces 12+ separate tools with a single, self-hosted platform. From uptime checks to Cloudflare Fight Mode — it's all here, fully integrated.

Uptime Monitoring
Real-time monitoring for HTTP, TCP, DNS, keyword match, and API endpoints. Smooth monitoring with configurable alert thresholds.
HTTP/HTTPS TCP DNS Keyword Match API Checks SSL Expiry Smooth Monitoring
Web Security Scanning
OWASP ZAP powered full, quick, and passive security scans. Every finding tagged with CVE and CWE references.
HIGH SQL Injection (CWE-89)
HIGH Missing HSTS Header
MED Clickjacking Possible
MED Weak CSP Policy
LOW Cookie Without Secure Flag
INFO Server Version Exposed
OWASP ZAP CVE/CWE Tags HTML Reports
Performance Auditing
Lighthouse & sitespeed.io powered audits with Core Web Vitals, LCP, FCP, CLS, TTFB tracking and performance budgets.
Performance94
SEO Score98
Accessibility88
DORA Metrics
Engineering performance metrics from Jira, Bitbucket, and ArgoCD. Deployment frequency, MTTR, lead time, and change failure rate.
4.2/d
Deploy Freq.
↑ Elite
48m
MTTR
↑ High
2.1h
Lead Time
↑ Elite
3.2%
Fail Rate
↑ High
Multi-Channel Alerting
Instant notifications when your services go down, recover, or enter maintenance — via every channel your team already uses.
Microsoft Teams
Slack
Discord
Email (SMTP)
Webhooks
Power Automate
Adaptive Cards
Breach Detection
Monitor emails, domains, and passwords against HIBP, DeHashed, and NVD. Watchlist with recurring checks and instant alerts.
HIBP DeHashed NVD Watchlist
CVE Stack Watchlist
Watch specific technologies (e.g. "Apache Log4j", "Nginx") and get notified instantly when new CVEs are published in NVD.
NVD Feed Version Matching Email/Webhook
Dependency Security
Scan Bitbucket repositories for vulnerable dependencies. Supports npm, Go, Python, Maven, NuGet, Ruby, Cargo via Trivy + OSV.
Trivy OSV Bitbucket 8 Ecosystems
Compliance Reports
Generate SOC2 and ISO27001 compliance reports for any time period. One-click export and scheduled delivery.
SOC2 ISO27001 PDF Export
Public Status Pages
Beautiful public status pages with live service status, incident updates, maintenance windows, RSS feeds, and embeddable badges.
RSS Feed Incidents Status Badge
Permission Management
Category-based Read/Write permission matrix for Monitoring, Security, Analytics, and Operations. LDAP/AD SSO, audit logs, and time tracking.
Read/Write Matrix LDAP/AD Audit Logs 3 Roles
Team KPI Deep Dive
Cross-platform team performance metrics from Jira, Bitbucket, SonarQube, and Argo CD. Pattern-based team grouping for focused analysis.
Jira Bitbucket SonarQube Argo CD
Dependency Tracker
Track every package change across your repositories. Get webhook alerts when dependencies are added, removed, or updated.
Package Changes Webhook Alerts npm/Go/Maven
Cloudflare Fight Mode
Block malicious IPs via Cloudflare Access Rules with a role-based approval workflow. Any team member can raise an IP block request — admins and operators approve with one click. Full IP intelligence shows country, ISP, ASN, and proxy/datacenter detection before you approve.
Pending Approval
185.220.101.47 🇩🇪 DE · Tor Exit
45.155.205.233 🇷🇺 RU · Datacenter
Recently Blocked
91.108.4.200 🇳🇱 NL · VPN
194.165.16.11 🇨🇳 CN · ISP
Cloudflare API Approval Workflow IP Intelligence Country / ISP / ASN Proxy Detection CSV Export Email Notifications
InfraSight — AI Infrastructure Health
SSH into your Elasticsearch, RabbitMQ, and Couchbase cluster nodes to collect logs, then analyze them with GPT-4 or Claude. Get a real-time health score, critical issue list, and cost-tracked AI run history — all in one place.
Node Status
es-node-01 · Healthy
rmq-node-02 · Warning
cb-node-03 · Healthy
Last AI Analysis
⚠ 2 warnings detected
High memory pressure on rmq-node-02. Consider increasing heap size.
AI cost: $0.0024 · 3 nodes analysed
SSH Log Collection Elasticsearch RabbitMQ Couchbase GPT-4 · Claude Cost Tracking
AI Visibility Analyzer
Score your websites for visibility in AI-powered search engines. Checks robots.txt AI bot permissions, JSON-LD schema stacking, Core Web Vitals, heading hierarchy, and meta quality — producing a GEO score across Technical, Content, AI Visibility, and Performance pillars.
Technical SEO90
AI Visibility (GEO)72
Performance95
GEO Analysis Core Web Vitals Schema Stacking AI Bot Access ChatGPT · Claude · Perplexity
Security Intelligence

Full security stack.
Zero blind spots.

R9ops combines web security scanning, dependency analysis, breach monitoring, and CVE tracking into a single security intelligence layer.

🛡️

OWASP ZAP Web Scanning

Full, quick, and passive scans. Every finding tagged with CVE and CWE references, scored by severity.

📦

Dependency Vulnerability Scanning

Trivy + OSV CLI scans across npm, Go, Python, Maven, NuGet, Ruby, and Cargo ecosystems in Bitbucket repos.

🔍

Breach Watchlist

Recurring checks against HIBP and DeHashed for emails and domains. Alert instantly when credentials appear in a breach.

⚠️

CVE Technology Watchlist

Watch specific tech stacks for new NVD CVEs. Semantic version matching — get alerted only when your version is affected.

🔥

Cloudflare Fight Mode

Block malicious IPs via Cloudflare Access Rules with a role-based approval workflow. IP intelligence shows country, ISP, ASN, and proxy/datacenter status before you approve. Full audit trail, CSV export, and email notifications on approval.

Security Overview — Last 30 Days ● 3 Critical
CRITICAL
CVE-2024-7347 · Nginx 1.18.x
CVSS 9.1 · Buffer overflow in ngx_resolve_name_done
HIGH
CVE-2024-4317 · PostgreSQL 14
CVSS 7.5 · Privilege escalation via row security
MEDIUM
lodash 4.17.19 · package-lock.json
Prototype pollution · Fix: upgrade to 4.17.21
MEDIUM
ZAP Scan · admin.myapp.io
Missing HSTS · X-Frame-Options header absent
Breach Watchlist — Last Check
2
Breached emails
24
Clean emails
1
Domain flagged
Team KPI Dashboard — Q1 2025 ● Live
Deploy Frequency
4.2/day
↑ Elite performer
MTTR
48min
↑ High performer
Lead Time
2.1hrs
↑ Elite performer
Change Fail Rate
3.2%
↑ High performer
SonarQube — Code Quality
A
Reliability
A
Security
B
Maintain.
84%
Coverage
Engineering Intelligence

Understand your
team's performance.

DORA metrics, SonarQube quality scores, ArgoCD deployments, and Jira flow metrics — unified into one team KPI view.

📊

DORA Metrics — Jira + Bitbucket

Calculate deployment frequency, lead time for changes, MTTR, and change failure rate from real ticket and commit data.

🚀

ArgoCD DORA Integration

Source DORA metrics directly from Argo CD sync events. Detect rollbacks, OOM kills, and deployment anomalies automatically.

🔬

SonarQube Integration

Pull code quality metrics — bugs, vulnerabilities, code smells, coverage — and track trends over time per team.

Monitoring & Alerting

Know before
your users do.

Smooth monitoring prevents false alarms. Multi-channel alerting ensures the right person is notified, every time.

⏱️

Smooth Monitoring

Configurable delay thresholds prevent alert noise. Only trigger when a service is truly down, not on transient failures.

🔔

Incident Management

Structured incident lifecycle from investigating to resolved. Link alerts to incidents, track updates, and manage severity.

🗓️

Maintenance Windows

Schedule planned maintenance to suppress alerts automatically. Teams get advance notifications and calendar events.

🌐

Public Status Pages

Transparent status pages with live uptime, active incidents, maintenance schedules, RSS feeds, and embeddable badges.

Alert History — Last 24 Hours 24 events
cdn.staging.myapp.io — DOWN
Teams + Email notified · 14:32
cdn.staging.myapp.io — RECOVERED
Downtime: 8 min · 14:40
Maintenance — auth.internal.net
Scheduled 20:00 – 22:00 · Alerts suppressed
SSL Expiry Warning — api.prod.com
Certificate expires in 14 days · Slack sent
Notification channels active
💬 Teams 🟢 Slack 🎮 Discord 📧 Email 🔗 Webhook
Integrations

Works with your
entire stack.

R9ops integrates with the tools your teams already use — from project management to CI/CD to communication platforms.

Jira
Bitbucket
Argo CD
SonarQube
Microsoft Teams
Slack
Discord
OWASP ZAP
Trivy
HIBP
NVD / NIST
Wappalyzer
Lighthouse
LDAP / AD
Power Automate
Cloudflare
Self-Hosted First

Your data.
Your servers. Your rules.

R9ops is built to run inside your infrastructure. No data leaves your network. No vendor lock-in. No per-seat pricing surprises.

01
Data Sovereignty
All monitoring data, security scan results, CVE findings, and user information stays within your own infrastructure. Perfect for regulated industries and compliance requirements.
02
No Per-Seat Pricing
Deploy R9ops for your entire organization — 5 users or 500 — for the same cost. Add monitors, users, and integrations without watching a billing meter spin.
03
Enterprise Authentication
LDAP and Active Directory integration out of the box. Use your existing corporate identity provider — no separate user management needed.
04
Air-Gap Capable
Run R9 in fully isolated environments. Configure optional external API connections (NVD, HIBP) only if your security policy allows — everything else works offline.
05
Compliance Ready
Built-in SOC2 and ISO27001 report generation. Full audit log of every action with IP addresses and user agents. Granular role-based permissions per module.
06
Docker Native
Deployed via Docker Compose with a single command. All services — backend, workers, database, frontend — fully containerized and production-ready out of the box.
Platform Capabilities

Top 12 IT tools your team
can replace with R9ops.

  1. 01
    Uptime Monitoring

    Replace standalone uptime tools like Better Uptime or UptimeRobot — HTTP, TCP, DNS, keyword, and API checks in one place.

  2. 02
    Web Security Scanning

    Replace dedicated DAST tools — OWASP ZAP full/quick/passive scans with CVE and CWE tagging, scored by severity.

  3. 03
    DORA Metrics

    Replace separate engineering analytics dashboards — deployment frequency, MTTR, lead time, and change failure rate from Jira, Bitbucket, and ArgoCD.

  4. 04
    CVE Stack Watchlist

    Replace manual NVD monitoring — watch specific tech stacks with semantic version matching and instant alerts for new vulnerabilities.

  5. 05
    Breach Detection

    Replace manual HIBP checks — recurring watchlist monitoring against HIBP and DeHashed for emails, domains, and passwords.

  6. 06
    Dependency Security Scanning

    Replace standalone SCA tools — Trivy + OSV scans across npm, Go, Python, Maven, NuGet, Ruby, and Cargo in Bitbucket repos.

  7. 07
    Compliance Reporting

    Replace manual compliance workflows — automated SOC2 and ISO27001 report generation with one-click PDF export.

  8. 08
    AI Visibility Analyzer

    Replace manual GEO audits — automated website scoring for AI search engine visibility across ChatGPT, Claude, and Perplexity.

  9. 09
    Cloudflare Fight Mode

    Replace manual Cloudflare IP management — role-based approval workflow for IP blocking with full IP intelligence, audit trail, CSV export, and email notifications.

  10. 10
    Team KPI Deep Dive

    Cross-platform team performance metrics from Jira, Bitbucket, SonarQube, and Argo CD with pattern-based team grouping for focused analysis.

  11. 11
    Dependency Tracker

    Track every package change across repositories. Get instant webhook alerts when dependencies are added, removed, or updated.

  12. 12
    Permission Management

    Category-based Read/Write permission matrix. Control access per team role across Monitoring, Security, Analytics, and Operations.

Get Started

Up and running
in under 5 minutes.

Deploy R9ops with a single Docker Compose command. Everything is included — database, backend, workers, and frontend. No infrastructure expertise required.

1

Clone the repository

Get the source from GitHub and copy the example environment file.

2

Configure environment

Set your SMTP, API keys, and database credentials in .env.

3

Launch with Docker Compose

All 7 services start automatically. Access the dashboard at port 3000.

bash
# Clone R9
$git clone https://github.com/your-org/r9ops
$cd r9ops
 
# Configure environment
$cp .env.example .env
$nano .env
 
# Launch all services
$docker compose up -d
 
Creating r9-postgres ... done
Creating r9-backend ... done
Creating r9-seo-runner ... done
Creating r9-security-runner ... done
Creating r9-breach-runner ... done
Creating r9-repo-runner ... done
Creating r9-frontend ... done
 
✓ R9 is running at http://localhost:3000
→ Default admin: admin / changeme
Start Today

The platform your
IT team has been waiting for.

Stop juggling 8 different tools. R9ops gives your team everything they need to monitor, secure, and optimize your infrastructure — in one self-hosted platform.

Coming Soon
Self-hosted · No credit card · No per-seat pricing