Product updates

Changelog

Name: CVERiskPilot
Author: CVERiskPilot LLC

Every feature, improvement, and fix shipped to CVERiskPilot. Building in public, one commit at a time.

0.5.0-alphaMarch 2026Latest
Platform evolution milestone
- All 5 Solivagant platform phases committed (Vault Protocol, Cortex Analytics, Horizon API, Signal Engine, Flux Pipelines)
- GTM waves G1-G5 implemented — CLI-to-platform funnel, email nurture, LinkedIn automation, UTM tracking
- Evidence collection system for compliance audits
- Python parser support (poetry.lock, pyproject.toml)
- Stress testing framework — tested to 2,000 concurrent analysts at 8.5K rps
- SOC 2 readiness report tool
- Partner program page and reseller infrastructure
- 0 test/spec files and 0 stress harnesses validated
0.3.0-alphaMarch 2026
Revenue and enterprise readiness
- RBAC enforcement on all 36+ mutation API routes
- Billing gates on AI endpoints with 402 upgrade responses
- Case approval workflow with status transitions and gates
- Session revocation endpoint for security events
- Public pricing page with tier comparison and Stripe integration
- Google OAuth, GitHub OAuth, Microsoft OAuth, and WorkOS SSO wired
- Onboarding checklist on dashboard
- SAML SSO via WorkOS (Okta, Azure AD, OneLogin)
- CSV export for audit logs, cases, and findings
- Health check endpoints (live, ready, full)
- 2FA backup codes with hash-store verification
- 8 database indexes for query performance
0.2.0-alphaFebruary 2026
Pipeline CLI and operations
- Pipeline compliance scanner CLI (@cveriskpilot/scan) — shipped presets (federal, defense, enterprise, startup, devsecops, healthcare, payments, international, eu-compliance) and 13 package manager formats
- Offline-first scanning with npx support
- Ops dashboard for internal staff monitoring and customer support
- AI triage UI on case detail page with agent workflow visualization
- Auto-triage on upload for CRITICAL/HIGH findings
- Compliance scores wired to dashboard widgets
- CVE intelligence digest cron
- Security audit remediation — auth, RBAC, CSRF, MSSP isolation, CSP fix
0.1.0-alphaJanuary 2026
Foundation
- Full MVP scaffold — auth, upload, parsers, enrichment, dashboard
- 11 scanner format parsers (Nessus, SARIF, CycloneDX, Qualys, OpenVAS, SPDX, OSV, CSAF, CSV, JSON, XLSX)
- 5 scanner connectors (Tenable, Qualys, CrowdStrike, Rapid7, Snyk)
- NVD/EPSS/KEV enrichment pipeline with Redis caching
- 13 compliance framework mapping via CWE bridge
- Agentic CVE triage with 7 tools and HITL gates
- POAM generation and export
- Stripe billing with webhooks and tier management
- Containerized deployment with infrastructure-as-code pipeline
- 11 RBAC roles with 26 granular permissions
- 0 API routes across the app/api tree

See the roadmap for what comes next

View roadmap Get started free

Product updates

Changelog

Every feature, improvement, and fix shipped to CVERiskPilot. Building in public, one commit at a time.

0.5.0-alphaMarch 2026Latest
Platform evolution milestone
- All 5 Solivagant platform phases committed (Vault Protocol, Cortex Analytics, Horizon API, Signal Engine, Flux Pipelines)
- GTM waves G1-G5 implemented — CLI-to-platform funnel, email nurture, LinkedIn automation, UTM tracking
- Evidence collection system for compliance audits
- Python parser support (poetry.lock, pyproject.toml)
- Stress testing framework — tested to 2,000 concurrent analysts at 8.5K rps
- SOC 2 readiness report tool
- Partner program page and reseller infrastructure
- 0 test/spec files and 0 stress harnesses validated
0.3.0-alphaMarch 2026
Revenue and enterprise readiness
- RBAC enforcement on all 36+ mutation API routes
- Billing gates on AI endpoints with 402 upgrade responses
- Case approval workflow with status transitions and gates
- Session revocation endpoint for security events
- Public pricing page with tier comparison and Stripe integration
- Google OAuth, GitHub OAuth, Microsoft OAuth, and WorkOS SSO wired
- Onboarding checklist on dashboard
- SAML SSO via WorkOS (Okta, Azure AD, OneLogin)
- CSV export for audit logs, cases, and findings
- Health check endpoints (live, ready, full)
- 2FA backup codes with hash-store verification
- 8 database indexes for query performance
0.2.0-alphaFebruary 2026
Pipeline CLI and operations
- Pipeline compliance scanner CLI (@cveriskpilot/scan) — shipped presets (federal, defense, enterprise, startup, devsecops, healthcare, payments, international, eu-compliance) and 13 package manager formats
- Offline-first scanning with npx support
- Ops dashboard for internal staff monitoring and customer support
- AI triage UI on case detail page with agent workflow visualization
- Auto-triage on upload for CRITICAL/HIGH findings
- Compliance scores wired to dashboard widgets
- CVE intelligence digest cron
- Security audit remediation — auth, RBAC, CSRF, MSSP isolation, CSP fix
0.1.0-alphaJanuary 2026
Foundation
- Full MVP scaffold — auth, upload, parsers, enrichment, dashboard
- 11 scanner format parsers (Nessus, SARIF, CycloneDX, Qualys, OpenVAS, SPDX, OSV, CSAF, CSV, JSON, XLSX)
- 5 scanner connectors (Tenable, Qualys, CrowdStrike, Rapid7, Snyk)
- NVD/EPSS/KEV enrichment pipeline with Redis caching
- 13 compliance framework mapping via CWE bridge
- Agentic CVE triage with 7 tools and HITL gates
- POAM generation and export
- Stripe billing with webhooks and tier management
- Containerized deployment with infrastructure-as-code pipeline
- 11 RBAC roles with 26 granular permissions
- 0 API routes across the app/api tree

See the roadmap for what comes next

View roadmap Get started free

Changelog

Platform evolution milestone

Revenue and enterprise readiness

Pipeline CLI and operations

Foundation

See the roadmap for what comes next

Changelog

Platform evolution milestone

Revenue and enterprise readiness

Pipeline CLI and operations

Foundation

See the roadmap for what comes next