Secbez Docs

Customization

What's customizable in Secbez Enterprise — model routing, policy thresholds, budgets, framework hints, per-tenant configuration.

Enterprise deployments can shape Secbez to match a team's stack, security model, and operational constraints. This page is the catalog of what's customizable. Most of these are scoped per engagement rather than self-service — bring the requirement to the conversation.

Model routing

Per-step model selection is a first-class configuration surface. Each reasoning step in the pipeline can be pointed at a different provider and model, with optional fallback chains. The deployment is plug-in / plug-out — swap the endpoint, swap the model, no other part of the pipeline cares.

See BYO Models for the supported providers and recommendations.

Custom prompts

Reasoning prompts can be overridden when you want to bias the analysis toward your team's conventions or align evidence formatting with an internal review style. Delivered as part of an Enterprise engagement; contact your account team for the override surface.

Custom policy thresholds

The default policy maps severity / confidence to pass | warn | fail. Enterprise deployments can:

  • Move thresholds up or down across severity / confidence buckets.
  • Apply per-rule overrides.
  • Apply per-path policies (e.g., ignore findings in __tests__/ or vendor/).
  • Configure how needs-review and low-confidence findings are treated.

For deeper customization — consulting an external risk-scoring service, applying tenant-specific overrides — Enterprise deployments can plug in a custom policy module as part of an engagement.

Custom framework hints

Secbez recognizes route mounts, middleware chains, and authorization barriers in common frameworks. For internal frameworks, framework-hint packs let your authorization barriers count as evidence the same way major framework guards do. Delivered per engagement.

Custom budgets

Budgets are configurable per scan mode and per repository. Deep Scan removes per-scan caps entirely (see Deep Scan).

Per-tenant configuration

Multi-tenant Enterprise installations can define configuration at the organization level — different teams can have different model routing, policy thresholds, and integration destinations under the same control plane.

What is not customizable

The core invariants are non-negotiable:

  • Every finding is anchored to a code location with concrete evidence.
  • Secrets are redacted before any AI call.
  • The gate decision never depends on AI availability.
  • (repo, sha, mode) is the idempotency key — retries are safe.

Bypassing these is intentionally outside the customization surface — they are what make Secbez findings defensible.
