The FAQ.

Abhra is a desktop-first cloud security platform that scans your AWS, Azure, and GCP infrastructure for misconfigurations, compliance gaps, and attack paths. Unlike cloud-based scanners, every scan runs locally on your machine — your data never traverses our servers.

Security engineers, DevOps teams, compliance officers, and CISOs — particularly those in BFSI, healthtech, public sector, defence, and B2B SaaS across regulated markets worldwide (India, Gulf, EU, UK, Southeast Asia) — who need posture assessment without sending sensitive data to a third-party SaaS.

Abhra is a commercial product. The scanning engine is proprietary, but we adopt open standards (CycloneDX for BOM output, OpenAPI for the local API) wherever possible.

अभ्र (abhra) is the Sanskrit word for the rain-bearing storm cloud — first attested in the Rigveda. We chose it because cloud security is exactly that: making visible what the cloud carries until something moves through it.

Download Abhra-Setup-1.8.0.exe from abhra.app/download. Run the installer, accept defaults, launch from Start Menu. First launch takes ~30 seconds to initialize.

wget https://abhra.app/api/download?platform=deb -O Abhra-1.8.0-amd64.deb, then sudo dpkg -i Abhra-1.8.0-amd64.deb. If dependency errors appear, run sudo apt-get install -f -y. Launch as your normal user with /opt/Abhra/abhra-desktop.

Yes. The first launch takes 30–60 seconds to start the internal API + Web services. If it hangs longer than 2 minutes, check the log at the data directory (path below).

Settings → Apps → Apps & features → Abhra → Uninstall. To also remove user data, delete %APPDATA%/cloud-bom-desktop/. (The data directory still uses the legacy name internally so historical data isn't lost on upgrade.)

No. Uninstalling only removes the application. Your scan data, encrypted credentials, and configuration are preserved in the user data directory. Delete that directory manually if you want a clean removal.

Windows: %APPDATA%/cloud-bom-desktop/data/. macOS: ~/Library/Application Support/cloud-bom-desktop/data/. Linux: ~/.config/cloud-bom-desktop/data/. Main files: cbom.db (SQLite) and api.log (app log).

No. The only network call Abhra makes is a license validation check to abhra.app every 24 hours. Scan data, credentials, resource inventories, findings — none of it transmits.

Encrypted with AES-256 at rest in the local SQLite database. Encryption keys are generated per installation and stored locally. The keys never leave your machine.

Yes, on the Enterprise plan. We support offline license activation and an on-prem license server for fully isolated environments.

No usage telemetry, analytics, or crash reports of any kind. The application is fully self-contained.

License keys are issued either through the trial flow (auto-generated) or by your organization's super admin (Admin → License Management → Generate Key) for paid plans.

Yes — deactivate on the source (Admin → Deactivate License), then activate on the new machine. No support ticket needed.

Existing scan data remains accessible but new scans are blocked. Renew via your admin or sales@abhra.world.

Abhra has a 7-day offline grace period. After that, you'll need to reconnect to revalidate. Existing data is always preserved.

AWS, Azure, and GCP — agentless universal-inventory scanning across every resource type each cloud exposes (Cloud Control API for AWS, Resource Graph for Azure, Cloud Asset Inventory for GCP), plus 1,894+ native security checks layered on top.

Read-only. AWS: SecurityAudit + ViewOnlyAccess. Azure: Reader at subscription scope. GCP: Viewer at project scope. Abhra never creates, modifies, or deletes resources.

Small (<100 resources): 2–5 minutes. Medium (100–500): 5–15 minutes. Large (500+): 15–30 minutes.

Yes. Settings → Automated Scan Schedules. Pick a cadence (every 6h, 12h, 24h, 3d, 7d) or a specific daily time.

Never. Abhra uses read-only API calls exclusively.

PDF + Excel (XLSX). Each report contains findings, framework citations, remediation steps, and an executive summary. CycloneDX JSON is also exportable for the cloud BOM.

25 frameworks across global (SOC 2 Type II, ISO 27001:2022, PCI DSS 4.0, HIPAA, GDPR, NIST CSF, NIST 800-53, EU NIS2, EU DORA, SOX, UK Cyber Essentials+), cloud-native (CIS AWS / Azure / GCP, FedRAMP, MITRE ATT&CK), regional (NESA UAE, SAMA Saudi, NCA ECC, MAS TRM Singapore, CMMC), and India BFSI (SEBI cybersecurity, SEBI CAF, RBI IT, RBI FREE-AI, CERT-In, DPDPA).

Yes — that's what they're built for. PDF includes control mappings, evidence, remediation status; Excel mirrors the structure for filtering and pivoting.