Getting Started
Start with WitnessOps governed execution, operational controls, and receipt evidence.
WitnessOps is a governance layer for security operations. It wraps existing tools in policy-enforced runbooks and emits signed receipts and linked execution material for every governed operation.
This is not a scanner. It governs tools like Nmap, Nuclei, and Burp Suite.
Step 1: Understand the Problem
Manual security testing produces no verifiable record. After a pentest, when someone asks what ran, who approved it, and whether it stayed in scope, the answer is scattered across logs, tickets, and memory.
WitnessOps solves this by enforcing policy at execution time and emitting signed receipts for every governed action. The receipt records what governed action ran, which policy context applied, who was recorded as the operator, when it completed, and which execution material it binds to.
Step 2: Read a Runbook
A runbook is a YAML workflow. Each step names a tool, declares its inputs, and specifies the policy gates that must pass before execution.
Start with a simple runbook. Notice the sequence, the gates, and how each step feeds the next receipt.
See Runbooks for format details and an example structure.
Step 3: Run Your First Governed Operation
Start with a workflow you already run manually: a port scan, a web application test, or an incident isolation procedure.
- Define the runbook. Write the YAML. Declare targets, tools, and gates.
- Set the scope. Specify which domains, IPs, or assets are authorized.
- Execute. WitnessOps enforces every gate. If a step requires approval, execution pauses until the configured approving principal acts. Default configurations can still allow self-approval.
- Inspect the receipt. After execution completes, WitnessOps emits a signed receipt. The receipt contains the runbook ID, operator identity, policy gate context, timestamp, execution hash, continuity link, and a cryptographic signature.
The receipt is the signed continuity layer inside a wider evidence record. It links to the previous receipt in the chain, forming a continuous execution history.
What to Read Next
- Governed Execution — how policy enforcement works at runtime
- Policy Gates — scope checks, approvals, and failure handling
- Receipts — what a receipt contains and how to verify one