Security is not optional.

Running untrusted code is daunting, but Suborbital Extension Engine is built to protect your software from malicious activity. With the security properties of WebAssembly, it’s now easy to provide useful capabilities to developers without compromising your infrastructure.

Start BuildingStar on GitHub

Capability-Based Sandbox

WebAssembly’s sandboxing architecture uses a deny-by-default approach to executing code. By employing this capability-constrained design, parts of your application are selectively given access to what they need to do their jobs – and nothing more.

Explicit Control

Suborbital Extension Engine dynamically enhances the WebAssembly sandbox using the Runnable API, a set of APIs that allow developers to build powerful cloud applications. Before executing a function, Suborbital Extension Engine uses your provided rules to determine access to specific capabilities so that you control what's allowed, always.

Try for Free

Star on GitHub

Zero-Trust Code

Any time code wants to do something outside of the runtime, Suborbital Extension Engine funnels the request through a bound context handled by the Runnable API. While a network or firewall might stop malicious activity somewhere in the middle of its attempt to do damage, capability-based computing stops harm before it starts.

Get Started for Free

Security Best Practices

We went to great lengths to develop a system that is both flexible and secure by only granting capabilities to functions as needed. Fine-grained access for small, composable modules is one of the best ways to enforce the highest protection for your infrastructure while delivering the best, empowered user experience possible.

Extension EngineFor SaaS App Extensibility

Suborbital Extension Engine is now in public beta.

Give your users the power and flexibility of code. With Suborbital Extension Engine, they can build powerful integrations and workflows directly inside your application.