Service coverage

Service coverage is the honesty surface. Every individual cloud / Kubernetes / SaaS service VinTekh models is listed there with an honest grade per capability.

The five coverage levels

• ● native — ground truth, read directly from cloud-native APIs. What we display is what the cloud says.
• ◐ partial — we read most of what matters; some fields or edge cases aren't covered yet. Notes column lists the specific gaps.
• ◔ inferred — we derive this from adjacent native data (e.g. computing effective rules from raw rules + flow logs). Honest best-effort; could be wrong on edge cases.
• ○ roadmap — known gap, planned. The notes column tells you which tranche.
• ✕ unavailable — cannot be done from this cloud alone without an external connector (Wiz / Dynatrace / CrowdStrike / etc.). Notes column says what would unlock it.

The nine capabilities

Each service gets graded on all nine. We never leave a capability blank — even "unavailable" is preferred over silence.

1. Discovery — can we know the resource exists?
2. Inventory — can we read all its metadata?
3. Topology — can we map its relationships?
4. Posture — can we evaluate its security configuration?
5. Network — can we trace traffic in / out?
6. Identity — can we enumerate who can reach it?
7. Observability — can we read metrics + logs?
8. Cost — does it appear in cost-management data?
9. Recommendations — do we have playbooks for it?

Reading the "Enhanced by" hints

Filter by Wiz / Dynatrace / Datadog / CrowdStrike / Veracode to see exactly which services would gain depth if you connected that vendor. We never pretend we deliver what they do — we tell you precisely what they'd add.

Why this page exists

Every observability / security product claims "everything". We refuse to. The coverage page is the contract: what you see is what we deliver. If a row says "native", we deliver it; if it says "roadmap", we don't — and you know exactly what's missing.

See also Platform capabilities — the category-level (CSPM, IGA, SIEM, …) honest map.