Concepts
How Sonar works end-to-end — the workflow engine, the reliability mechanisms behind every scan, the asset model, and the AI stages.
Concepts, the MCP tool surface, agent skills, and one-copy worker deployment — everything a Sonar operator needs.
Sonar is a private security-scan orchestration platform. You describe a workflow — a graph of scanning steps (subdomain enumeration, port scanning, service detection, HTTP probing, …) — and Sonar runs it across a fleet of workers, collects the results, and folds them into a structured asset database you can query, resolve, and act on.
This portal is the operator's map. Start with Architecture for the big picture, or jump to the workflow engine and what keeps a scan reliable — the parts we're proudest of.
A note on secrets. Everything here is safe to read. The worker scripts and MCP config show placeholders for the secret token — the mechanisms are public, but nothing runs until you supply the real token, which only the dev team holds.