Repod
Request a demo
APT Repository Management · Enterprise

Secure your
software supply
chain.

Repod is a self-hosted APT repository manager with built-in CVE scanning, CISO approval queue, and NIS2 compliance — all in a single container. No cloud dependency, no licence fees per package.

NIS2 Article 21 compliant
ClamAV + Trivy built-in
Deploy in 5 minutes
Request a demo Read the docs
$ docker compose up -d — running in 30 s
repod.internal/ui/packages
1 247
Packages
3
Pending review
0
CVEs critical
Recent uploads
Filter
nginx
1.27.3-1 · focal
Approved
openssl
3.0.14-0 · jammy
Pending
libssl-dev
3.0.14-0 · jammy
Scanning
curl
8.7.1-1 · noble
Approved
Core Features

Built for security teams

Repod ships everything a modern security-conscious organisation needs to control package distribution — no plugins, no add-ons, no surprises.

CISO Review Queue

Every package must pass human approval before reaching production. Dual-control workflow with full audit trail — required for NIS2 and SOC 2.

CVE Scanning

Trivy scans every package for known CVEs at upload time. Results are surfaced in the UI with CVSS scores, affected versions and fix recommendations.

Full Audit Trail

Every upload, approval, rejection and download is logged with timestamp, user identity and IP. Immutable logs ready for external audit export.

GPG Signing

Packages are GPG-signed server-side. Clients receive a public keyring they trust — no manual key management, automatic rotation support.

Role-Based Access

5 built-in roles: Admin, Security Officer, Maintainer, Developer, Reader. Fine-grained permissions at distribution and component level.

Self-Hosted · Air-Gap Ready

Single Docker container, no external SaaS calls. Runs on bare-metal, VM or Kubernetes. Perfect for classified, finance, and healthcare environments.

Security Pipeline

7-step verification before every deployment

No package reaches production without passing every gate. The pipeline is automatic — humans only intervene at the review step.

01
Upload
Developer uploads .deb via REST API or UI
02
AV Scan
ClamAV runs a full malware scan on the binary
03
CVE Scan
Trivy checks for known vulnerabilities with CVSS scores
04
Review Queue
Security Officer reviews scan results in the CISO dashboard
05
GPG Sign
Package is signed with the repository GPG key
06
Index
APT metadata (Packages.gz, Release) is regenerated
07
Distribute
apt-get update pulls the verified, signed package
All pipeline steps are logged and exportable
Every scan result, every approval, every rejection — exported as JSON for your SIEM or compliance report.
Audit log reference →
Interface

Designed for security teams, not just developers

A clean, information-dense UI that gives your CISO real-time visibility without opening a terminal.

repod.acme.corp
Repod
Dashboard Packages Review Queue 3 CVE Scanner Audit Log Settings

Dashboard

Last updated 2 minutes ago

Total Packages
1 247
+12 today
Pending Review
3
Needs action
Critical CVEs
0
All clear
Distributions
6
focal · jammy · noble
PackageVersionDistributionStatusUploaded
nginx 1.27.3-1 focal Approved 2h ago
openssl 3.0.14-0 jammy Pending 3h ago
libssl-dev 3.0.14-0 jammy Scanning 3h ago
curl 8.7.1-1 noble Approved 5h ago
openssh-server 9.7p1-1 noble Rejected 1d ago
Comparison

How Repod stacks up

The only APT repository manager with security-first features built-in — no add-ons, no extra licences.

Feature Repod You Nexus OSS Artifactory CE Aptly Cloudsmith
APT repository
Web UI
Built-in CVE scanning
AV malware scan
CISO review queue
GPG auto-sign
Audit trail
NIS2 compliance mode
RBAC (5 roles)
Self-hosted / air-gap
Single container
Open source

Comparison based on publicly available documentation. Last reviewed May 2026.

NIS2 · SecNumCloud ready

Compliance out of the box

Repod maps directly to NIS2 Article 21 requirements. Every action is logged, every package is traceable, every approval is documented — so your audit is ready when the auditor arrives.

Art. 21(2)(a) Risk analysis & security policies
Covered by: Audit trail + RBAC
Art. 21(2)(b) Incident handling
Covered by: CVE alerts + review queue
Art. 21(2)(d) Supply chain security
Covered by: GPG signing + AV/CVE scan
Art. 21(2)(e) Acquisition & development security
Covered by: Dual-control approval workflow
Art. 21(2)(l) Cryptography & encryption
Covered by: GPG + TLS (reverse proxy)
Read the full NIS2 compliance matrix
SecNumCloud alignment
ANSSI qualification path

Architecture documented for SecNumCloud qualification reviews. Self-hosted deployment with no foreign cloud dependencies meets sovereignty requirements.

One-command audit export
JSON · CSV · Syslog compatible
GET /api/v1/audit?from=2026-01-01&format=json
ISO 27001 evidence-ready
Repod's audit trail covers controls A.12.5 (software installation) and A.12.6 (vulnerability management).
Pricing

Simple, transparent pricing

Start with the community version. Upgrade when your team needs enterprise security controls.

Community
Free
Open core — coming soon
Launching Q3 2026
  • APT repository hosting
  • Package upload (REST API + UI)
  • ClamAV antivirus scan
  • GPG signing
  • Basic web UI
  • Single distribution
  • Community support
Enterprise
Recommended
Contact us
Annual licence · unlimited packages
  • Everything in Community
  • Trivy CVE scanning
  • CISO review queue
  • Multi-distribution
  • Full RBAC (5 roles)
  • Immutable audit trail
  • NIS2 compliance export
  • SecNumCloud documentation
  • Priority support & SLA
  • On-boarding session
Request a demo

No commitment · 30-day pilot available

Live demos available now

See Repod in action

Get a personalised 30-minute walkthrough with a live Repod instance. We'll show you the security pipeline, the CISO dashboard, and how to deploy in your environment.

Request your demo

Send demo request

Or email us directly at contact@getautoflow.dev