What's Shipping

Changelog & Roadmap

Every version, every fix, and where we're heading next.

Recent Releases

v1.1 April 2026 Latest
  • New TRIS v2 12-Layer Scoring Engine (Patent Pending). Adds five novel dimensions no competitor has: attack-path blast radius, supply-chain propagation, MITRE ATT&CK defense efficacy, predictive threat trajectory, and FAIR-based financial impact quantification.
  • New TRIS v2 priority bands: ACT (90-100), ATTEND (75-89), TRACK (50-74), MONITOR (25-49), INFORMATIONAL (0-24). Better score separation, fewer false priorities.
  • New Graph-based attack path analysis across internal network topology with blast radius quantification.
  • New SBOM-aware transitive risk propagation. Ingests software bill of materials to model dependency-tree vulnerability impact.
  • New FAIR-based financial impact quantification translates technical severity into expected dollar loss.
  • New Read the TRIS v2 white paper →
v1.0 April 2026
  • New Complete CTEM platform: all 5 stages (Scope, Discover, Prioritize, Validate, Mobilize)
  • New BASzy integrated: 124 attack modules, 12,868 payloads, AutoFuzz zero-day discovery
  • New 9 scanner imports: Nessus, Qualys, Rapid7, OpenVAS, Nuclei, Burp Suite, OWASP ZAP, Trivy, CSV
  • New 8-phase agentless network discovery with 47-port scanning and OS fingerprinting
  • New TRIS v1 7-Layer Scoring engine (0-95 scale) with EPSS, KEV, threat actor correlation
  • New AI Agent Task Board: autonomous job execution with streaming output
  • New CVE Triage Queue: kanban workflow (New → Triaged → Assigned → Resolved)
  • New Policy Compliance tracker: 86 controls across 9 frameworks (HIPAA, PCI-DSS, SOC 2, NIST)
  • New Live Attack Surface Canvas: interactive network visualization
  • New Executive reporting: board-ready risk summaries with SLA tracking
v0.4 Feb 2026
  • New AI Agent Task Board: autonomous job execution with streaming output
  • New CVE Triage Queue: kanban workflow (New → Triaged → Assigned → Resolved)
  • New Policy Compliance tracker with clickable metric bubbles
  • Improved Streaming remediation with live EPSS + KEV enrichment
  • Fix Chain-of-thought stripping, clean output in all modes
v0.3 Jan 2026
  • New Multi-provider AI: cloud and local models supported
  • New AES-256-GCM API key encryption at rest
  • New Remediation script generation with per-CVE caching
  • Improved TRIS score with industry multipliers + compliance weighting
  • New AI Security Chat with model picker and streaming
v0.2 Dec 2025
  • New EPSS + KEV enrichment on every CVE ingest
  • New Watchlist with Slack/Teams webhook alerts
  • Improved SQLite WAL mode + 32MB cache for scan performance
  • Fix Streaming timeout fixed: idle timeout removed from server
v0.1 Nov 2025
  • New Initial release: NVD ingestion, CVE search, AI remediation
  • New Bun + Hono backend, React 19 + Vite frontend
  • New SQLite local cache, Docker + Railway deploy targets

What's Next

Q1 2026: In Progress
Scan file ingestion
In Progress

Direct import of Nessus XML, Qualys CSV, and OpenVAS reports. Drop your scan file and get an enriched triage queue in seconds.

Executive reporting
In Progress

Automated weekly summary reports: KEV exposure window, TRIS-weighted backlog trend, SLA compliance rates by risk band. PDF export.

Asset inventory
Coming Soon

Map CVEs to specific assets. Priority weighting by asset criticality tier. Critical infra gets a higher risk multiplier than dev boxes.

Q2 2026: Planned
SBOM scanning
Planned

Software Bill of Materials ingestion. Find supply chain vulnerabilities buried in application dependencies, the stuff scanners miss.

Multi-user deployment
Planned

Team roles (Analyst, Manager, Read-Only), assignment workflows, and audit log. Enterprise license feature.

Ticketing integrations
Planned

Push CVEs directly to Jira, ServiceNow, or your preferred ticketing system with all enrichment data attached.

CISA KEV alerting
Planned

Real-time notification when new KEV entries match CVEs in your triage queue. Email, Slack, Teams: your choice.

Later
Container / cloud scanning
Planned

Docker image vulnerability scanning, AWS/Azure/GCP asset inventory integration.

SSO / SAML
Planned

Enterprise identity provider integration for organizations with centralized authentication requirements.

Have a feature request? We're building this in close collaboration with early adopters.

Request a Feature →