DEV.co
Open-Source Observability · TracecatHQ

tracecat

Tracecat is an open-source security automation platform that lets teams and AI agents build workflow automations, manage cases, and integrate with enterprise tools. It combines low-code workflow builders with agent capabilities, running workflows durably on Temporal and sandboxing untrusted code with nsjail.

Source: GitHub — github.com/TracecatHQ/tracecat
3.7k
GitHub stars
385
Forks
Python
Primary language
AGPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryTracecatHQ/tracecat
OwnerTracecatHQ
Primary languagePython
LicenseAGPL-3.0 — OSI-approved
Stars3.7k
Forks385
Open issues99
Latest release1.0.0-beta.50 (2026-06-29)
Last updated2026-07-08
Sourcehttps://github.com/TracecatHQ/tracecat

What tracecat is

Backend built on Python/FastAPI/SQLAlchemy/Pydantic; frontend on Next.js/TypeScript; durable execution via Temporal; sandboxing via nsjail; PostgreSQL + S3-compatible storage. Supports 100+ pre-built connectors (HTTP, SMTP, gRPC, OAuth) and integrates custom Python scripts via a custom registry.

Quickstart

Get the tracecat source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/TracecatHQ/tracecat.gitcd tracecat# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Security Operations Automation

Automate alert triage, incident response workflows, and case management with durable execution and audit logging, reducing mean time to respond for SOC teams.

Agentic Workflow Integration

Build AI-native automations using agents with prompts and tools, syncing custom logic from Git repositories and integrating with Claude/Codex via Tracecat MCP.

Enterprise Tool Orchestration

Centralize orchestration across 100+ security and enterprise tools (SIEM, ticketing, cloud platforms) with a unified low-code platform and human-in-the-loop approval.

Implementation considerations

  • Requires PostgreSQL, S3-compatible object store, and Temporal server; containerized deployment (Docker/K8s) is standard. Managed Cloud available but self-hosting demands DevOps capability.
  • AGPL-3.0 license obligates source disclosure for derivative works; enterprise features (RBAC, version control, MCP servers) are in separate EE license requiring explicit permission.
  • Sandboxing via nsjail (Linux) and Temporal durable execution add operational overhead; monitor sandboxed job execution and workflow state persistence closely.
  • Low-code builder + agent prompt interface lowers barrier to automation design, but custom Python script integration requires engineering support.
  • Audit logs exportable to SIEM; no SSO tax (SAML/OIDC included); assess workspace access control needs early (OSS has basic auth; EE adds RBAC/ABAC).

When to avoid it — and what to weigh

  • Proprietary / Closed-Source Requirement — Tracecat is AGPL-3.0 licensed; enterprise features in `packages/tracecat-ee` require explicit license. Redistributing or commercializing without permission is prohibited.
  • Production Stability Mandate — Project is in active development (beta 1.0.0-beta.50); README emphasizes reviewing changelog before updating. Not suitable if you require stable, versioned releases.
  • No Deployment Complexity Tolerance — Self-hosting requires Docker, AWS Fargate, Kubernetes, PostgreSQL, S3, and Temporal infrastructure. Managed Cloud is available but introduces vendor dependency.
  • Minimal Customization Needed — Tracecat is feature-rich and complex; overhead is high for simple, static automation rules. Lighter alternatives may be more cost-effective.

License & commercial use

Tracecat core (excluding `packages/tracecat-ee`, `deployments/k8s`) is AGPL-3.0. Enterprise Edition features (RBAC, MCP servers, version control, monitoring) require a separate paid license. Kubernetes Helm chart is PolyForm Shield (source-available, internal use only). Derivative works must comply with AGPL-3.0 copyleft obligations.

AGPL-3.0 requires source disclosure for derivative works and commercial deployments. EE features are explicitly excluded and require a separate license agreement. Self-hosting and internal use are permitted under AGPL-3.0, but any commercial service built on Tracecat or modifications deployed to external parties must disclose source and comply with copyleft. Consult legal counsel before commercializing; contact Tracecat directly for EE licensing terms.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityHigh
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Sandboxing via nsjail and Temporal durable execution are security-forward architectural choices for running untrusted code and agents. Audit logs exportable to SIEM. SAML/OIDC support for authentication. No security audit results, vulnerability disclosure policy, or threat model provided in excerpt; conduct security review before production use. Assess nsjail configuration, Temporal API exposure, and database access controls.

Alternatives to consider

Zapier / Make (formerly Integromat)

Cloud-only, closed-source, lower deployment complexity, but limited custom code execution, fewer enterprise integrations, and higher per-action costs.

n8n

Open-source (Elastic), lower-code workflow builder, easier deployment, but less AI-native, no built-in case management, and smaller connector library.

Demisto / Palo Alto Cortex XSOAR

Enterprise SOAR platform, mature case management and playbook engine, but proprietary, higher cost, and steeper learning curve; better for large enterprise SOC.

Software development agency

Build on tracecat with DEV.co software developers

Evaluate Tracecat for your team. Review deployment requirements, licensing (AGPL-3.0 vs. EE), and Temporal dependencies. Request a demo or start self-hosting to assess fit.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

tracecat FAQ

Can I use Tracecat for commercial purposes?
AGPL-3.0 permits internal/self-hosted use; any derivative work or commercial service must disclose source and comply with copyleft. EE features require a separate commercial license. Consult legal counsel.
What is the difference between OSS and Enterprise Edition?
OSS includes agents, workflows, case management, 100+ connectors, and basic auth (AGPL-3.0). EE adds RBAC/ABAC, Git workflow sync, MCP servers, human-in-the-loop, metrics/monitoring, and is available as managed Cloud or self-hosted with support.
Do I need Temporal?
Yes; Temporal is a core dependency for durable workflow execution. You can use Temporal Cloud (managed) or self-host a Temporal cluster.
Is Tracecat production-ready?
It is in active development (beta 1.0.0-beta.50). README advises reviewing changelog before updating. Not recommended for production until v1.0.0 stable is released; assess risk tolerance.

Software developers & web developers for hire

DEV.co helps companies turn open-source tools like tracecat into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source observability stack.

Ready to automate security workflows?

Evaluate Tracecat for your team. Review deployment requirements, licensing (AGPL-3.0 vs. EE), and Temporal dependencies. Request a demo or start self-hosting to assess fit.