Skip to content

Platform

Configuration in. Hardened, signed images out.

Primcoat owns the entire build pipeline — the base image, the provisioning, the hardening, the scanning, the signing, and the publishing. You own the configuration that describes what you want.

What you configure

Four layers, all editable in the dashboard or through the API. None of them require you to write build code.

Image definitions

The unit of configuration. An OS and version, a hardening policy, a set of software packages, a version-naming template, and a list of publish targets.

Hardening policies

CIS Level 1, CIS Level 2, DISA STIG, or a custom profile. Primcoat selects the correct SCAP Security Guide content for the image's OS family automatically.

Software catalog

Curated, versioned, tested integrations — EDR, vulnerability agents, monitoring, config management, identity, and cloud agents. Each one ships with a compatibility matrix and a post-install validation test.

Your customizations

Variables and encrypted secrets, structured user and SSH-key definitions, file injection, and — for power users — your own Ansible role from your Git repository.

What Primcoat does not do

Primcoat does not run your workloads, and it does not replace your operating system. It produces the image your workloads boot from — and the evidence that says what is inside it.

Image builds are not instant, and we will not pretend otherwise. A Linux image built from an official cloud image typically takes 15 to 30 minutes. A Windows Server image built from an ISO takes 60 to 120 minutes. Format conversion and upload add 5 to 20 minutes per destination. Every build reports its queue position and an estimated completion time, because a build system that lies about its timing is worse than a slow one.

Stop maintaining your image pipeline.

Primcoat builds, hardens, scans, signs, and publishes your golden images — on the operating systems you already run.