Skills · May 12, 2026 · 2 min read

Tracecat — Agentic Security Automation

Tracecat is an open-source security automation platform for teams and AI agents, built on Temporal with sandboxed tool runs and a self-hostable UI.

Agent-ready

Agent installation ready

This asset can be installed after choosing the runtime, verifying the plan, and running the appropriate command.

  • Native · 98/100 · Policy: allow
  • Agent surface: Any MCP/CLI agent
  • Type: Skill
  • Installation: Single
  • Trust: Established
  • Entry point: Asset

Direct install command:

npx -y tokrepo@latest install 8fd01781-6354-57c3-b940-16170d3816b4 --target codex

Run after confirming the plan in a dry run.

Introduction

  • Best for: Security engineering, SOC automation, and agent-driven playbooks
  • Works with: Docker Compose; Temporal; PostgreSQL; integrates with MCP servers (per README)
  • Setup time: 30–90 minutes

Practical Notes

  • GitHub: 3,598 stars · 359 forks; pushed 2026-05-12 (verified via GitHub API).
  • Repo includes docker-compose.dev.yml + docker-compose.local.yml and a justfile wrapper for common workflows.
  • Per README: sandboxed-by-default with nsjail and durable workflows on Temporal.

Main

A practical adoption path:

  1. Start with one playbook. Pick a repeatable task (phishing triage, IOC enrichment, alert dedupe) and model it as a workflow.
  2. Gate “risky tools.” Put human approval in front of actions that touch production systems or customer data.
  3. Version your scripts. Use the code-native registry idea: keep custom Python tools in Git and sync them into Tracecat.
  4. Treat MCP servers as dependencies. Prefer a small, curated set of MCP servers and pin their configs for reproducibility.

If you run this on developer laptops, keep secrets in env vars and rotate them often; for production, use a dedicated environment and audited credentials.
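
One way to enforce step 4 in CI, as an added example that is not Tracecat's or this page's own code: it audits an MCP client config for servers outside a curated set and for launch commands without an exact version or image digest, and computes a digest of the config so drift shows up in review. The `mcpServers` JSON layout, the server names and the package names are assumptions constructed for illustration; the page does not show Tracecat's MCP configuration format.

```python
import hashlib
import json
import re

# Constructed sample in the "mcpServers" layout (assumed; not Tracecat's own format).
SAMPLE_CONFIG = {"mcpServers": {
    "ticketing": {"command": "npx", "args": ["-y", "example-ticketing-mcp@1.4.2"]},
    "enrichment": {"command": "npx", "args": ["-y", "example-enrich-mcp@latest"]},
    "scanner": {"command": "docker", "args": ["run", "--rm", "example/scanner-mcp:stable"]},
    "notes": {"command": "uvx", "args": ["example-notes-mcp"]},
}}
ALLOWED = {"ticketing", "enrichment", "scanner"}  # hypothetical curated set

NPM_EXACT = re.compile(r"^(@[\w.-]+/)?[\w.-]+@\d+\.\d+\.\d+$")  # name@x.y.z
IMAGE_DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")             # image@sha256:...


def is_pinned(command, args):
    """True when a package or image argument carries an exact version or digest."""
    targets = [a for a in args if not a.startswith("-")]
    if command == "npx":
        return any(NPM_EXACT.match(a) for a in targets)
    if command == "docker":
        return any(IMAGE_DIGEST.search(a) for a in targets)
    return False  # unrecognized launcher: report as unpinned until reviewed


def audit(config, allowed):
    """Return (server, problem) findings, ordered by server name."""
    findings = []
    for name, spec in sorted(config.get("mcpServers", {}).items()):
        if name not in allowed:
            findings.append((name, "not in curated set"))
        if not is_pinned(spec.get("command", ""), spec.get("args", [])):
            findings.append((name, "version not pinned"))
    return findings


def config_digest(config):
    """SHA-256 over canonical JSON, so key order does not change the digest."""
    canonical = json.dumps(config, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for server, problem in audit(SAMPLE_CONFIG, ALLOWED):
        print(f"{server}: {problem}")
    print("config sha256:", config_digest(SAMPLE_CONFIG))
```

Commit the digest next to the config and fail the pipeline when the findings list is non-empty or the digest changes without review.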

FAQ

Q: Do I need Kubernetes?
A: No. The repo ships multiple Docker Compose files; Kubernetes is optional for production scaling.

Q: Can it run untrusted code safely?
A: The README says it uses nsjail sandboxes by default; still treat inputs as untrusted and apply least privilege.

Q: How do agents interact with it?
A: Per the README, you can build prompt-to-automations from your own agent harness, and tools can integrate with MCP servers.

Source and Acknowledgements

  • Source: https://github.com/TracecatHQ/tracecat
  • License: AGPL-3.0
  • GitHub stars: 3,598 · forks: 359
