Continuous posture monitoring: designed to re-check who can see what every time your org's metadata changes, instead of only at a point in time.
Lynceon
Coming soonSalesforce security posture: find and fix the risk
Turn Salesforce access into security judgment.
Where Who Sees What shows the facts of access, Lynceon is designed to judge them and help you act: continuous monitoring, risk findings with severity, remediation guidance, a posture score, and threat detection. The standalone Salesforce security product in the Digadop family, coming soon.
How it works
How Lynceon will work
What it does
Key capabilities
Drift and differential alerts that show exactly what changed and who is newly exposed: a new sharing rule, a profile edit, an Apex class that started running without sharing.
Every risk finding paired with remediation guidance: the specific setting, sharing rule, or code change that closes the gap, prioritized by real exposure.
The full detail of all risk findings across every severity, including the deeper findings that Who Sees What only previews.
Deterministic detection (Salesforce Code Analyzer: PMD for Apex, ESLint, RetireJS, and data-flow analysis) for CRUD and field-level violations, sharing bypass, cross-site scripting, and hardcoded secrets, with AI used only to triage and explain findings, never to detect them.
Built on the Who Sees What access graph, reading beyond it into full org metadata for its analysis.
A posture score and exposure-drift view that track your security model over time and across multiple orgs.
Opt-in auto-remediation: apply a recommended fix in your org under a separate elevated authorization, off by default (on the roadmap).
A higher Compliance tier with threat detection and SOC 2 / ISO / NIST mapping plus audit-ready evidence (planned).
Who it is for: Salesforce admins, security teams, and compliance owners who need continuous, judged security-posture monitoring rather than a one-time snapshot of access.
Example finding
A finding you can act on
RiskHigh: 23 users can edit Accounts they should not
- SeverityHigh, ranked by real exposure across your org.
- CauseA permission set grants "Modify All" on Account to the Support profile.
- Who is affected23 active users, listed by name.
- RemediationRemove "Modify All" from the Support Tier 1 permission set.
Illustrative example of the planned product. Lynceon is coming soon; remediation is opt-in and applied only under a separate, per-change authorization.
Maturity
What is live, and what is coming
Available now
- Nothing customer-facing yet. Lynceon is coming soon; today the site offers a waitlist.
Coming soon
- The customer-facing continuous Salesforce posture-monitoring product, launching after Who Sees What.
- Opt-in, separately-authorized auto-remediation (off by default).
- A Compliance tier: threat detection, SOC 2 / ISO / NIST mapping, audit-ready reports, and a multi-org program view.
- Planned list price $2,499 per org per month. Not purchasable yet.
Trust
Designed to be safe, even when it can act.
Reads your security metadata
Connects through Salesforce OAuth and reads the org security metadata it needs to judge posture, never your business-record contents. It does not change your org unless you turn on remediation.
Every change is opt-in
Auto-remediation is off by default and applies a fix only under a separate elevated authorization, with each change approved and logged.
Coming soon
Lynceon is not purchasable yet. Join the waitlist and we will tell you when it is ready.
See Lynceon in your org.
Part of the Digadop platform: one security and data model across the family.