BSL / FSL · Source-available
Don't trust us. Read the code.
The in-tenant collector and the self-serve CLI scanner are source-available (BSL/FSL). The control plane is proprietary. Auditability is the trust feature for a security tool.
Auditability is the trust feature.
A security tool that asks you to run opaque code inside your environment is asking you to trust it on faith. Watch takes a different position: the components that touch your systems are source-available, so you can read them, audit them, and run them yourself.
The control plane - the orchestration, storage, and reporting layer - is proprietary. But the code that runs in your environment isn’t.
The model
- In-tenant collector
- Runs inside your environment. Source-available (BSL/FSL). Read it before you run it.
- CLI scanner
- The engine behind the free Snapshot. Source-available (BSL/FSL). Run it locally, inspect its output.
- Control plane
- Orchestration, storage, reporting. Proprietary - but it doesn’t run inside your environment.
In-tenant collector
BSL / FSLThe collector that runs inside your environment. Read it, audit it, run it yourself. You don't have to trust what you can inspect.
Read the code →CLI scanner
BSL / FSLThe self-serve scanner that drives the free Snapshot. Open for inspection. Same engine, same findings, running locally.
Read the code →Control plane
ProprietaryThe orchestration, storage, and reporting layer. Proprietary - but the components that touch your systems are the ones you can read.
BSL - Business Source License
The Business Source License makes source code available for reading, auditing, and non-commercial use. Commercial use requires a license. After a defined period (typically 4 years), the code converts to an open-source license automatically.
For Watch: you can read and audit the BSL-licensed components that run inside your environment. You can run them locally for evaluation. Production use in a commercial context requires a license from Botzone.
FSL - Functional Source License
The Functional Source License is similar to BSL - source-available, with a conversion to Apache 2.0 after two years. Competing commercial use is restricted; everything else is permitted.
Both BSL and FSL let you read the code that runs in your environment. That’s the property that matters for a security tool: you can verify what it does before you trust it.
Responsible disclosure
If you find a vulnerability in Watch itself, we want to know. Contact us at security@botzone.ai.
Our security.txt is at /.well-known/security.txt.
# /.well-known/security.txt
Contact: mailto:security@botzone.ai
Policy: https://watch.botzone.ai/open-source
Preferred-Languages: en
Expires: 2027-06-16T00:00:00.000Z