scd-server

scd-server extends the CLI with team collaboration features. It runs entirely in your own infrastructure — no code, findings, or scan data ever leaves your network.

What scd-server adds

• Team dashboard — aggregated findings, trend analysis, and knowledge gap tracking across your whole team
• Exception approval flow — developers request exceptions, team leads approve or reject with a reason
• CRA Compliance Report — ready-made documentation for EU Cyber Resilience Act conformity assessments
• Findings history — every scan from every developer in one place, searchable and filterable
• Deep Analysis — AI-powered analysis of CRITICAL and HIGH findings; confirms real vulnerabilities, identifies false positives, and suggests concrete fixes (Professional)
• Notifications — dashboard alerts, Discord webhooks, and email for license events, finding spikes, and more

How it fits together

Developer machine              Your infrastructure
─────────────────              ──────────────────
scd CLI                   →   scd-server
  scd scan                       Team dashboard
  scd accept / ignore            Exception approval
  scd sync                       Findings history
  scd scan --deep                Deep analysis

The CLI pushes scan events to scd-server automatically after each scan. Nothing passes through Activemind's servers — the only external call scd-server makes is a daily license heartbeat to api.securecodebydesign.com.

Requirements

• Node.js 22 or later, or use the self-contained binary (no Node.js required)
• A machine or server in your infrastructure reachable by your developers
• A valid Team or Professional license

Next steps

• Installation — download, configure, and start scd-server
• Connecting the CLI — point the CLI at your scd-server instance