Open-source OT/ICS cybersecurity platform. Solo developer and maintainer. 26 stars on GitHub, MIT licensed.

Positioned as the affordable, self-service alternative to enterprise OT vulnerability platforms (Claroty, Dragos, Nozomi): same-day deployment instead of weeks, $499–$4,999/mo instead of $300K–$800K/yr.

10 phases shipped across security, frontend, multi-tenancy, AI remediation, compliance, SBOM, network topology, billing, integrations, and observability:

- Multi-source CVE aggregation (NVD, CISA KEV, ICS-CERT, Cisco PSIRT, Microsoft MSRC, Red Hat)
- AI-powered remediation engine with 5 OT-aware rules (patch vs. compensating control based on Purdue zone)
- EPSS exploit probability scoring + CISA KEV active exploitation flagging
- Compliance-as-code: IEC 62443-3-3 (10 controls) + NIST CSF 2.0 (11 controls), continuous automated evidence collection
- SBOM ingestion (CycloneDX + SPDX JSON) with component-level vulnerability cross-reference
- Passive OT asset discovery via Zeek, Suricata, SNMP, Shodan
- Industrial protocol detection (Modbus, DNP3, PROFINET, EtherNet/IP, OPC-UA, HART) with Purdue model zone classification
- SIEM/SOAR integrations: Splunk HEC, Microsoft Sentinel, ServiceNow, PagerDuty
- Stripe billing with 4-tier subscription gating
- TOTP MFA, structured logging, request metrics middleware

Stack: Python 3.11, FastAPI, SQLAlchemy 2.0, PostgreSQL (Cloud SQL), React 18 + TypeScript + Vite + Tailwind v4, Zustand, Docker (multi-stage), Google Cloud Run, Cloud Build, APScheduler, 166 pytest tests

Live: cybersec-saas-ebqzvaqu6a-uc.a.run.app/app/
GitHub: github.com/mangod12/OneAlert