Our Features Are Made for You
We spared no expense.
We have lofty goals and an extensive roadmap, but we were careful to prioritize our features in line with the most pressing needs in the world today. We felt that the state of software supply chain security, the upcoming changes related to Executive Order 14028, and the growing cybersecurity skills gap created an opportunity to educate and foster better practices, and that this was not something we could ignore.
We will continue to evolve each feature as new customers, industries, and regulatory requirements are established. While our product and features are pretty great, we do not believe that any one product can, or should, replace the benefits gained from true partnership; that is our ultimate mission.
NOTE: We will be publishing our full roadmap for voting, requests, and commentary soon. Until then, please get in touch! Features currently in discussion or proposed are denoted inline below.
Code Quality Analysis
Development
Code quality analysis applies defined rules to inspect your code for security, performance, design, and other issues. It distinguishes code that is good (high quality) from code that is bad (low quality). While code quality is subjective, the minimum standard is not, nor is the requirement that code be assessed and the findings categorized, prioritized, and disclosed.
Software Bill of Materials (SBOM)
Development
A software bill of materials (SBOM) is a list of the components in a piece of software. Software vendors often create products by assembling open-source and commercial software components, and the SBOM describes the components in a product. It is analogous to the list of ingredients on food packaging: where you might consult a label to avoid foods that may cause allergies, an SBOM can help organizations or individuals avoid consuming software that could harm them.
Software Composition Analysis (SCA)
Development
Software composition analysis is a process that determines the underlying components of software and identifies at least the publicly known (open-source) components. A well-defined process is consistent, automated, and measurable. This analysis provides visibility into the components and libraries being incorporated into the software that development teams create.
Static Application Security Testing (SAST)
Development
Static application security testing (SAST) is a way to perform automated testing and analysis of a program's source code without executing it, catching security vulnerabilities early in the software development cycle. Also referred to as static analysis, SAST is the process of parsing the code to examine how it was written, checking for security vulnerabilities and safety concerns. (It is a form of white-box testing.)
Active Directory (AD) Integration
Proposed
Contrary to what the title may suggest, this integration concerns roles and governance for the SSDLC process. AD would be used to verify and validate that code reviews happen, that they are performed by the appropriate parties and number of individuals, and that comments, approver validation, and release sign-off occur in the context of job title and separation of duties (for example, individual contributors NOT being managers or only product owners).
Endpoint Analysis or Integration
Proposed
Analysis of endpoints or ports to search for anomalies or other management needs. This is potentially a better fit for integration with an existing provider, such as Azure/Intune. It was requested in the context of remediating an exploited vulnerability.