MarBoba
Sign in
Features

Everything between new project and green deploy, automated.

MarBoba is an opinionated internal developer platform, shaped by shipping real products. What you see below is what teams actually need, in the order they need it.

RBAC + two-person approvals Audit-logged by default KMS-encrypted Vault SSRF-safe integrations SOC 2 Type II — Enterprise, mid-2027
Works with your stack
GitHubGitLabBitbucketAzure DevOpsJenkinsArgo CDDatadogGrafanaPrometheusPagerDutySnykSonarQubeSplunkServiceNowConfluenceMicrosoft TeamsHashiCorp VaultSlackJira + more in the Integration Hub
10 min
from blank to a deploying dev branch
108+
production-grade pipeline templates
4
VCS providers, all first-class
13
languages of paste-ready flag SDK code
The golden path

Template to live, one straight line.

One guided pass pushes a real pipeline to your repo and walks the change all the way to production.

apps.marboba.com/projects/new
01 02 03 04 05 Template Repo CI / CD Deploy Live pick + confirm components YAML pushed to your VCS tests first, cached builds prod gated by approval run recorded in MarBoba sensible defaults GitHub · GitLab · Bitbucket · Azure 108+ templates manual approval gate callback URL pings home
Start fast

Master Project Wizard

Eleven steps, sensible defaults on every one, 10 minutes to a deploying dev branch. Every answer is changeable later — this is a shortcut, not a cage.

  • Auto-slugs your repo name from the project name
  • Pre-fills credentials that are already in your Vault
  • Shows a ✓ on deployment targets with ready-made templates for your VCS
  • Creates Dev / QA / Staging / Prod environments in one click
New project — step 6 of 11
  1. Template pick your stack
  2. Components confirm what ships
  3. Repository name auto-slugged
  4. Deploy targets ✓ template ready for your VCS
  5. Credentials pre-filled from Vault
  6. Environments Dev / QA / Staging / Prod
  7. + 5 more steps, all with defaults…
Finish → MarBoba pushes the real pipeline YAML to your repo.
pipeline run — myapp · dev
$ git push origin dev
tests ······· passed — always run first
build ······· cache hit
deploy: dev · live
deploy: prod — waiting for manual approval
callback ···· run recorded against the project
Pipelines included

CI/CD pipelines, 108 templates

For every realistic combination of component × deployment target × VCS provider, MarBoba ships a production-grade YAML scaffold. Tests run first, builds are cached, and prod deploys wait behind a manual approval.

Where it deploys
Backend APIs
Cloud RunLambdaECSHerokuKubernetesFly.ioRenderAzure App Service
Web frontends
Firebase HostingVercelNetlifyCloudflare PagesGitHub PagesS3 + CloudFront
Mobile apps
Play Store (Flutter / React Native / native)App Store via TestFlight
Libraries
npmPyPIMaven CentralNuGetcrates.ioRubyGems
Desktop apps
GitHub Releases (.dmg / .AppImage / .exe)
No second-class repos

Multi-VCS from day one

GitHub, GitLab, Bitbucket, and Azure DevOps are all equal citizens. One driver talks to whichever provider your project uses — no forked code paths, no feature gaps.

  • List pipeline runs uniformly across all 4 providers
  • Cancel + rerun failed jobs for any provider
  • Push CI/CD config files to the right path for each provider automatically
  • Env Sync writes secrets to each provider’s native CI variable store
GitHub GitLab Bitbucket Azure DevOps One VCS driver single dispatch path Same UI, all four ✓ Runs list ✓ Cancel ✓ Re-run ✓ Live log viewer
apps.marboba.com/flags
new-checkout boolean dev ON qa ON staging ON prod 25%
search-v2 segment rule kill switch armed
pricing-banner JSON scheduled — Mon 09:00
Soft-stop on subscription lapse: flag reads keep returning defaults — no feature breakage.
Flags built in

Feature Flags

A real flag service built into the platform — no LaunchDarkly bill. Already on LaunchDarkly? Import your whole project in one click.

  • Boolean / string / number / JSON flags with typed reads
  • Environment overrides (dev / qa / staging / prod) per flag
  • Percentage rollout, user segment, property-match, schedule rules
  • LaunchDarkly import pulls keys, types, defaults, environment overrides, and tags
“How to Implement” ships paste-ready code in
TypeScriptJavaScriptPythonDartSwiftKotlinJavaGoRubyPHPC#RustcURL
Secrets, once

Vault & Env Sync

Store every secret your pipeline needs — keystores, certificates, API keys, service-account JSON — in one place. Rotate in the Vault and it propagates in seconds.

  • KMS envelope encryption on every secret
  • Automatic sync mode triggers on every Vault write
  • Manual mode with a Sync button for regulated environments
  • Pipeline-failure log scanner points at the specific missing secret
Env Sync auto on every write MarBoba Vault KMS envelope-encrypted keystores · certificates API keys · service-account JSON GitHub Secrets GitLab CI Variables Bitbucket Pipeline Variables Azure Variable Groups rotate here → propagates in seconds
Single pane of glass

Integration Hub — your whole stack, one screen.

Pick a provider, store the token in Vault, test the connection — and MarBoba pulls a live summary onto the card.

MarBoba read-only API clients CI/CD Security Logging Docs ITSM Comms Secrets Cost nothing to install on the other tool — no community plugin to maintain
14 connectors, 8 categories
CI/CD
JenkinsArgo CD
Security
SnykSonarQubeCheckmarxFOSSACrowdStrike
Logging
Splunk
Docs
Confluence
ITSM
ServiceNow
Comms
Microsoft Teams
Secrets
HashiCorp Vault
Cost
CloudHealthCloudability
Alongside the VCS, observability, Slack, and Jira integrations already built in.
  • Credentials live encrypted in MarBoba Vault; the connection stores only a pointer, never the secret
  • Every change is audit-logged
  • Every outbound call goes through an SSRF-safe fetcher

Observability, connected

Plug in the monitoring you already pay for — paste a key into Vault once and MarBoba keeps pulling forever.

DatadogGrafanaPrometheusNew RelicCloudWatchPagerDutyCustom HTTP
  • Server-side polling every 5 minutes — nothing to install on the monitoring tool, no plugin to maintain
  • Alert / health state feeds the project health score, SLO tracking, and on-call bindings — not just a standalone dashboard
  • Credentials live encrypted in MarBoba Vault; the connector stores only a pointer, never the secret
  • Every outbound call goes through an SSRF-safe fetcher that rejects private IPs and is DNS-rebind safe
No modeling required

Connect your tools. MarBoba discovers the model.

Other portals make you design blueprints before you see value. MarBoba's catalog kinds are built in — and auto-modeling reads your repositories to fill them, as suggestions you accept with one click.

CODEOWNERS openapi.yaml main.tf * @acme/platform-team your API contract resource "aws_s3_bucket"… Suggested owner Suggested API Suggested resource Platform Team Payments API · OpenAPI assets · S3 bucket · AWS Apply Your catalog owners · APIs · resources — current, audited, yours

Built-in kinds, zero setup

Projects, teams, APIs, systems, domains, and resources work on day one. Custom entity types exist when you want them — they're never the entry fee.

Suggestions, never silent writes

Every inference shows its evidence and waits for an explicit Apply — admin-gated and audit-logged. Dismissals stick.

Bring any catalog with you

Backstage catalog-info.yaml imports in one paste. Spreadsheets, CMDBs, and other portals' exports import from CSV with column mapping and a dry-run preview.

No guessing

Release Readiness

Each project tells you exactly what’s blocking a release — no chasing Slack threads for the JSON key.

  • Per-platform progress (Android / iOS / Web)
  • Missing-credential list with one-click fix
  • Works for every platform — mobile, web, backend, library
myapp — release readiness
Android 80%
Missing: Play Store service account Set Up
iOS Ready ✓
Web Ready ✓
Set Up opens the Credentials screen with the right keyword pre-filled.
Governance & security

Built like your security team wrote the spec.

The same controls gate humans and AI agents alike — every privileged path runs through RBAC, approvals, and the audit log.

Propose Dry-run Approve ×2 Execute Audit log human or AI agent review the diff first two-person rule RBAC-gated every change recorded rotate · rollback · scale · deploy prod deploys wait here too searchable, exportable
KMS envelope encryption
On every secret in the Vault.
Two-person approvals
Prod deploys and agentic actions alike.
Audit-logged everything
Config pushes, rollbacks, integrations, agent runs.
SSRF-safe egress
Outbound calls reject private IPs; DNS-rebind safe.
Secrets by pointer
Connections never store the secret itself.
Recently shipped

What we shipped recently.

Proof of velocity — features that landed in the last two quarters. For what’s coming next, see the public roadmap.

Shipped Q2 2026 Now available

Solo-founder mode

For the 1-person company that doesn’t need to be reminded it’s a 1-person company.

  • Single-user defaults and simplified nav
  • Team/org chrome collapsed away
  • Toggle on from Settings → Solo-founder mode

OTA crash-regression auto-rollback

Set a crash-free floor; MarBoba enforces it.

  • Shipped OTA patch dips below the floor → flipped to auto-rolled-back
  • Audit trail written automatically
  • Manual rollback works the same way — one event log for both

Release themes

Bundle planned work into release-shaped themes.

  • Each theme links epics, the repos affected, and the target release version
  • Stakeholders answer “what’s in this release?” without you composing it by hand

Mobile release train

iOS, Android, and web releases shipping together as a cohort.

  • One timeline for all three platforms
  • Stop reconciling three separate dashboards on launch day

AI postmortem drafts

A structured first draft, minutes after you resolve.

  • One click on a resolved incident
  • Pulls the timeline, recent commits, and chat history through Claude/GPT
  • Edit and publish in minutes

Build-failure RCA with one-click fix PR

MarBoba already diagnoses why the build broke — now it drafts the fix.

  • “Generate fix PR” opens a draft GitHub PR with the proposed patches
  • Path-validated, capped at 10 files, audit-logged
  • Human review still required; auto-merge never
Shipped Q3 2026 Now available

Portable workload spec (marboba.yaml)

Write your workload’s deploy intent once.

  • Parses the spec and plans the catalog diff
  • Compiles per-target deploy files for Firebase, Vercel, Render, Railway, or the app stores
  • Inspired by CNCF Score — idempotent on re-apply, audit-logged on every change
  • CLI: marboba spec apply

Agentic platform actions

AI-driven Day-2 actions with human control built in.

  • Rotate vault secrets, roll a deployment back to last-green, scale a service
  • Proposed → dry-run reviewed → two-person approved → audit-logged
  • Same RBAC primitives that gate human users today
  • CLI: marboba agent run
Enterprise · Coming Q3 2027

Compliance-bound? SOC 2 Type II opens Enterprise mid-2027.

SSOBYOCData residency99.9% SLADedicated AM

All ship together. Join the waitlist for early access.

Join Enterprise waitlist

See it in your browser.

The fastest way to know if MarBoba fits is to run the wizard on one of your own projects. Takes 10 minutes, leaves a real working pipeline behind.

Start free See pricing See the roadmap