Security
j17 is not open source, so you can't audit our code directly. We think you should know exactly what's running underneath your data. This page lists every dependency in the system, and our approach to keeping the surface area small.
If you find a security issue, please email security@j17.app.
Approach
Minimal dependencies
Fewer libraries means fewer things that can go wrong. The engine has three runtime dependencies. The full system has fewer than most starter templates.
Own infrastructure
Dedicated and cloud servers on Hetzner, not resold cloud. We manage the full stack from OS up.
Isolation in depth
BEAM process isolation between tenants, WASM sandboxing for custom handlers, and per-instance Redis containers. Multiple layers, each with its own fault boundary.
j17 Engine
Core event sourcing runtime
The engine is the tight inner loop that stores and retrieves events. Two runtime dependencies, plus Zig native code compiled via NIF.
Elixir
Zig (compiled into NIF)
j17 Worker
Event processing and API nodes
Workers handle API requests, run projections, and execute sagas. Includes all engine dependencies plus:
j17 Control Plane
Dashboard, auth, and billing
The control plane manages accounts, instances, and billing. It does not handle your event data. Includes all engine dependencies plus:
This page was last reviewed March 29, 2026. Our dependency lists have been stable since the initial release and don't change often, but we'll do our best to keep this page current when they do.