Code SASTLiveBuilt-in product-risk rules, optional language-aware SAST worker, OWASP/ASVS mapping, framework risk signals, and file/line evidence.
Custom rules and policy gatesPartialStandards mapping, severity gates, and internal rules are live. Team-owned rule packs, rule testing UI, branch policies, and per-org policy administration need a dedicated product sprint.
Cross-function and cross-file analysisPartialAbyssGuard correlates file evidence, framework signals, scanner output, and report context today. Deeper taint/dataflow packs and distributed monorepo sharding belong in the advanced worker backlog.
SCA, SBOM, and lockfilesLiveDependency/lockfile checks, OSV, Trivy, Grype, SBOM inventory, suspicious packages, reachability notes, EPSS context, and license exposure paths are represented in reports.
Dependency inventory searchPartialReports surface dependency evidence now. Org-wide package inventory, saved dependency search, and affected-repo queries need an indexed asset database.
Secrets detectionLiveSecret-shaped tokens, unsafe env exposure, redacted evidence, Gitleaks/TruffleHog paths, entropy-style signals, and optional validation where explicitly authorized.
Historical secret scanningLivePaid full reports can run redacted Gitleaks checks across bounded Git history to find credentials removed from the latest source but still recoverable from commits.
AI detection, triage, and remediationPartialRepair prompts, AI repair drafts, confidence caveats, and fix verification are live. Automated AI triage/autofix, dependency-upgrade guidance, and model-provider routing are next builds.
AI memory and org contextPlannedAbyssGuard has report baselines and workspace context. Per-org AI memory controls need admin UI, governance, deletion/export controls, and clear tenant boundaries.
SCM coveragePartialPublic GitHub, selected private GitHub repositories, and GitHub App install flows are live. GitLab, Bitbucket, Azure DevOps, on-prem SCM, and deeper monorepo workflows are roadmap items.
CI/CD and PR workflowLiveManaged GitHub App PR checks, native check runs, sticky PR summaries, GitHub workflow fallback, scan-on-commit, repair prompts, and API-backed scanning are live.
CLI and IDE workflowPartialA downloadable Node CLI for API-backed CI scans is live alongside the GitHub workflow. Pre-commit hooks, VS Code plugin, JetBrains plugin, and local developer plugin model still need dedicated releases.
Notifications and ticketingPartialEmail alerts are live. Slack, Jira, outbound webhooks, REST API expansion, and security-platform integrations are roadmap work.
Policy, SSO, RBAC, and auditPartialPolicy mapping is live. OIDC/SAML SSO, RBAC, audit logs, SCIM-style lifecycle, and enterprise admin controls require a dedicated enterprise sprint.
Source privacy and retentionLiveSelected-repo GitHub App access, source-discard report generation, finding-only retention, and no source-code model training are stated in the buyer flow.
Support and onboardingPartialSelf-serve docs, sample reports, email support, and Studio priority handling are live. Formal academy/training, named account management, and tailored onboarding are concierge or enterprise scope.
Enterprise infrastructureConciergeDedicated infrastructure, custom CI/CD, account management, tailored onboarding, on-prem constraints, and volume pricing can be handled as enterprise/concierge scope before full self-serve automation.