DEV Community

ComplianceLayer
ComplianceLayer

Posted on

Reddit Post Drafts — ComplianceLayer Launch

#security #python #msp #cybersecurity

Reddit Post Drafts — ComplianceLayer Launch

POST #1: r/msp — Pre-launch reputation builder

Title: I scanned 100 MSP websites for basic security issues. The results were rough.

Out of curiosity, I wrote a script that scans websites for common security misconfigurations — SSL, DMARC, SPF, HTTP security headers, and open ports. Ran it against a random sample of MSP company websites (pulled from public directories).

Here's what I found across 100 sites:

SSL/TLS:

  • 23% had certificates expiring within 30 days
  • 11% were still accepting TLS 1.1 connections
  • 4% had no HSTS header

Email security (DNS):

  • 41% had no DMARC record at all
  • 28% had SPF with ~all (softfail) instead of -all (reject)
  • 67% had no DKIM selectors detectable via common selector names

HTTP Headers:

  • 78% were missing Content-Security-Policy
  • 52% were missing X-Content-Type-Options
  • 31% were missing X-Frame-Options

Open ports:

  • 8% had RDP (3389) publicly accessible
  • 14% had non-standard management ports open

The irony: a lot of these are MSPs who are selling security services to their clients, and their own sites have basic misconfigs.

Not trying to name and shame — just thought the data was interesting. Happy to scan anyone's domain in the comments if you want to see your own results.

(This is an organic data post. Do NOT mention ComplianceLayer here. Let people ask what tool you used.)

POST #2: r/msp — Soft launch

Title: Built a free security scanner for client domains — feedback welcome

I've been building internal tools for client security reporting for a while, and kept running into the same problem: security ratings tools like BitSight and SecurityScorecard are overkill (and overpriced) for checking whether a client's basic hygiene is in order.

So I built my own. It checks:

  • SSL/TLS (expiry, cipher suites, HSTS)
  • DNS/email security (SPF, DMARC, DKIM, MX)
  • HTTP security headers (CSP, X-Frame-Options, etc.)
  • Open ports

Results come back as a scored report (A-F grade per category) with specific remediation steps.

You can use it free here: [compliancelayer.net]

First 10 people to post their domain get a free full scan report as a PDF.

It's API-first so you can automate it — script your client reviews, set up alerting when certs are about to expire, that sort of thing.

What would make this actually useful for your workflow? Trying to understand how MSPs currently handle this kind of check.

POST #3: r/msp — Full launch

Title: ComplianceLayer — security scoring API for MSPs. $0.99/scan. No BitSight contract required.

After a few weeks of beta testing with people from this community, I'm ready to officially launch.

What it is: An API that runs a full infrastructure security assessment on any domain — SSL, DNS/email, HTTP headers, open ports — and returns a scored report (A-F per category, overall letter grade) with actionable remediation steps.

Why I built it: BitSight costs $30K+/year. SecurityScorecard isn't much better. For MSPs who want to run security checks on client domains at scale, there's nothing in the $50-500/month range. ComplianceLayer fills that gap.

Pricing:

  • Free: 10 scans/month
  • Starter: $99/month → 100 scans
  • Pro: $249/month → 500 scans
  • Agency: $499/month → 1,500 scans

API example:

curl -X POST https://api.compliancelayer.net/v1/scan/full \
  -H "X-API-Key: your_key" \
  -H "Content-Type: application/json" \
  -d '{"domain": "clientdomain.com"}'
Enter fullscreen mode Exit fullscreen mode

Returns: scored JSON report in ~15 seconds.

Use cases I've seen from beta users:

  • Pre-sales security audits for prospects
  • Monthly automated client reports
  • Insurance pre-qualification scans
  • Onboarding new clients (baseline security score)

Live: compliancelayer.net — free tier, no credit card required.

Happy to answer any questions.

POST #4: r/sysadmin — Technical angle

Title: Show r/sysadmin: Security scoring API that checks SSL, DMARC, headers, and ports in one call

Built a REST API that runs a full external security assessment on any domain in one call. Returns scored JSON:

{
  "domain": "example.com",
  "overall_score": 92,
  "overall_grade": "A",
  "modules": {
    "ssl_tls": { "score": 90, "grade": "A", "issues": [...] },
    "dns_email": { "score": 100, "grade": "A", "issues": [] },
    "http_headers": { "score": 85, "grade": "B", "issues": [...] },
    "open_ports": { "score": 100, "grade": "A", "issues": [] }
  },
  "recommendations": [...]
}
Enter fullscreen mode Exit fullscreen mode

Use it for automated security monitoring, CI/CD security checks, client reporting, whatever.

Free tier: 10 scans/month, no card required.

API docs: api.compliancelayer.net/docs

COMMENT TEMPLATES (for when people ask "what tool?" under Post #1)

If they ask in comments:

"It's something I've been building — compliancelayer.net. Still pretty early but the API works well. Happy to share access if you want to try it."

If they ask via DM:

"Yeah it's at compliancelayer.net — free tier gets you 10 scans/month. Would love feedback from someone actually using it in an MSP context."

TIMING

  • Post #1: 2 weeks before launch, Tuesday 9 AM EST
  • Post #2: 1 week before launch, Wednesday 10 AM EST
  • Post #3: Launch day, 9 AM EST
  • Post #4: Launch day, 11 AM EST (different audience, different post)

Built by ComplianceLayer — scan any domain for security compliance in seconds. Get your free API key.

Top comments (0)