Skip to main content

Enterprise Overview

Pixee Enterprise deploys into your infrastructure -- Dedicated SaaS, turnkey embedded cluster, Helm into existing Kubernetes, or fully air-gapped with your own LLM. Every deployment model delivers the same triage and remediation engine, the same scanner integrations, and the same audit trail. This section covers deployment options, compliance, security architecture, and how to measure operational impact.

Enterprise Capabilities

Enterprise adds infrastructure control, identity management, and compliance capabilities on top of the core triage and remediation engine.

  • Self-hosted deployment -- run Pixee on your infrastructure with your network policies
  • SSO and access control -- Google Workspace, Microsoft Entra ID, Okta, or embedded OIDC
  • Bring Your Own Model (BYOM) -- choose your LLM provider, own the keys, control the bill
  • Compliance controls -- audit-ready triage records, exportable evidence, framework alignment
  • Bundled observability -- metrics, logs, traces, and dashboards ship in the Helm chart
  • Enterprise support -- dedicated solutions engineering

Pixee ships approximately 25 releases every 6 months. Four deployment models, four LLM provider families, and four SCM integrations (GitHub, GitLab, Azure DevOps, Bitbucket) are available from a single deployment.

A single Pixee Enterprise deployment supports multiple SCM platforms simultaneously.

Deployment Models at a Glance

ModelBest ForInfra RequiredTime to Deploy
Dedicated SaaSTeams wanting zero infrastructure managementNoneMinutes
Embedded ClusterOrgs without Kubernetes, regulated industriesSingle Linux VM (8 vCPU, 32 GB RAM)Under 1 hour
Helm / BYO KubernetesOrgs with existing EKS/GKE/AKS clustersCustomer Kubernetes clusterUnder 1 hour
Air-GappedFederal, financial services, healthcare (no internet)Customer Kubernetes + private LLM endpointHours

Every model delivers the same triage and remediation engine. The only difference is where the infrastructure runs and how data flows through your network. See Deployment Options for architecture diagrams, data flow tables, and infrastructure requirements.

Enterprise Capabilities Summary

CapabilityStatusDetail Page
Self-hosted deployment (embedded cluster and Helm)GADeployment Options
Air-gapped deployment with private LLMGAAir-Gapped Deployment
SSO (Google Workspace, Microsoft Entra ID, Okta)GASecurity Architecture
Bring Your Own Model (OpenAI, Azure AI Foundry, Anthropic)GABring Your Own Model
Bundled observability (metrics, logs, traces, dashboards)GAObservability
Compliance mapping (SOC 2, HIPAA, FedRAMP, PCI-DSS, NIST 800-53, ISO 27001)GACompliance
Multi-SCM support (GitHub, GitLab, Azure DevOps, Bitbucket)GAGetting Started
Hierarchical LLM routing (7 named tiers)GABring Your Own Model
Audit-ready triage records with LLM justificationGACompliance
Role-based access controlGASecurity Architecture

Measuring Success

Track these metrics from the Pixee reporting dashboard to evaluate operational impact:

MetricWhat It MeasuresSource
Merge ratePercentage of Pixee PRs merged by developersPixee dashboard: fix activity
Triage reductionPercentage of findings automatically classified (TP/FP/won't-fix)Pixee dashboard: triage summary
MTTRTime from finding detection to merged fixPixee reporting: remediation velocity
Compliance window adherenceCritical/high findings remediated within required timeframesPixee reporting + compliance tool
Finding volume trendTotal open findings over timePixee dashboard: backlog view

See Security & Trust for production metrics on fix quality and validation.

What's Next

Evaluating deployment options? Start with Deployment Options for architecture diagrams and data flow tables.

Planning the rollout? The Phased Rollout Guide covers the single-repo-to-enterprise adoption path with decision gates at each phase.

Reviewing compliance requirements? The Compliance page maps Pixee capabilities to SOC 2, HIPAA, FedRAMP, PCI-DSS, NIST 800-53, and ISO 27001.