tracecat
Tracecat is an open-source security automation platform that lets teams and AI agents build workflow automations, manage cases, and integrate with enterprise tools. It combines low-code workflow builders with agent capabilities, running workflows durably on Temporal and sandboxing untrusted code with nsjail.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | TracecatHQ/tracecat |
| Owner | TracecatHQ |
| Primary language | Python |
| License | AGPL-3.0 — OSI-approved |
| Stars | 3.7k |
| Forks | 385 |
| Open issues | 99 |
| Latest release | 1.0.0-beta.50 (2026-06-29) |
| Last updated | 2026-07-08 |
| Source | https://github.com/TracecatHQ/tracecat |
What tracecat is
Backend built on Python/FastAPI/SQLAlchemy/Pydantic; frontend on Next.js/TypeScript; durable execution via Temporal; sandboxing via nsjail; PostgreSQL + S3-compatible storage. Supports 100+ pre-built connectors (HTTP, SMTP, gRPC, OAuth) and integrates custom Python scripts via a custom registry.
Get the tracecat source
Clone the repository and explore it locally.
git clone https://github.com/TracecatHQ/tracecat.gitcd tracecat# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires PostgreSQL, S3-compatible object store, and Temporal server; containerized deployment (Docker/K8s) is standard. Managed Cloud available but self-hosting demands DevOps capability.
- AGPL-3.0 license obligates source disclosure for derivative works; enterprise features (RBAC, version control, MCP servers) are in separate EE license requiring explicit permission.
- Sandboxing via nsjail (Linux) and Temporal durable execution add operational overhead; monitor sandboxed job execution and workflow state persistence closely.
- Low-code builder + agent prompt interface lowers barrier to automation design, but custom Python script integration requires engineering support.
- Audit logs exportable to SIEM; no SSO tax (SAML/OIDC included); assess workspace access control needs early (OSS has basic auth; EE adds RBAC/ABAC).
When to avoid it — and what to weigh
- Proprietary / Closed-Source Requirement — Tracecat is AGPL-3.0 licensed; enterprise features in `packages/tracecat-ee` require explicit license. Redistributing or commercializing without permission is prohibited.
- Production Stability Mandate — Project is in active development (beta 1.0.0-beta.50); README emphasizes reviewing changelog before updating. Not suitable if you require stable, versioned releases.
- No Deployment Complexity Tolerance — Self-hosting requires Docker, AWS Fargate, Kubernetes, PostgreSQL, S3, and Temporal infrastructure. Managed Cloud is available but introduces vendor dependency.
- Minimal Customization Needed — Tracecat is feature-rich and complex; overhead is high for simple, static automation rules. Lighter alternatives may be more cost-effective.
License & commercial use
Tracecat core (excluding `packages/tracecat-ee`, `deployments/k8s`) is AGPL-3.0. Enterprise Edition features (RBAC, MCP servers, version control, monitoring) require a separate paid license. Kubernetes Helm chart is PolyForm Shield (source-available, internal use only). Derivative works must comply with AGPL-3.0 copyleft obligations.
AGPL-3.0 requires source disclosure for derivative works and commercial deployments. EE features are explicitly excluded and require a separate license agreement. Self-hosting and internal use are permitted under AGPL-3.0, but any commercial service built on Tracecat or modifications deployed to external parties must disclose source and comply with copyleft. Consult legal counsel before commercializing; contact Tracecat directly for EE licensing terms.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | High |
| DEV.co fit | Good |
| Assessment confidence | High |
Sandboxing via nsjail and Temporal durable execution are security-forward architectural choices for running untrusted code and agents. Audit logs exportable to SIEM. SAML/OIDC support for authentication. No security audit results, vulnerability disclosure policy, or threat model provided in excerpt; conduct security review before production use. Assess nsjail configuration, Temporal API exposure, and database access controls.
Alternatives to consider
Zapier / Make (formerly Integromat)
Cloud-only, closed-source, lower deployment complexity, but limited custom code execution, fewer enterprise integrations, and higher per-action costs.
n8n
Open-source (Elastic), lower-code workflow builder, easier deployment, but less AI-native, no built-in case management, and smaller connector library.
Demisto / Palo Alto Cortex XSOAR
Enterprise SOAR platform, mature case management and playbook engine, but proprietary, higher cost, and steeper learning curve; better for large enterprise SOC.
Build on tracecat with DEV.co software developers
Evaluate Tracecat for your team. Review deployment requirements, licensing (AGPL-3.0 vs. EE), and Temporal dependencies. Request a demo or start self-hosting to assess fit.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
tracecat FAQ
Can I use Tracecat for commercial purposes?
What is the difference between OSS and Enterprise Edition?
Do I need Temporal?
Is Tracecat production-ready?
Software developers & web developers for hire
DEV.co helps companies turn open-source tools like tracecat into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source observability stack.
Ready to automate security workflows?
Evaluate Tracecat for your team. Review deployment requirements, licensing (AGPL-3.0 vs. EE), and Temporal dependencies. Request a demo or start self-hosting to assess fit.