Product roadmap

Roadmap for ranked CVE decision workflows

DevSecure Intelligence is focused on importing vulnerability findings, enriching them with real-world signals, and returning ranked, explainable risk decisions for AppSec and security engineering teams.

Phase 2

Commercial positioning

  • Workflow-first homepage around CVE prioritisation.
  • No-key demo with bundled RPS sample data.
  • Canonical product surface, copy alignment, and roadmap publishing.

Phase 3

Scanner import and RPS evidence

  • Import scanner output from the Q3 connector list.
  • Show signal contribution, source coverage, and priority-band rationale.
  • Export policy-neutral priority evidence for AppSec workflows.

Phase 4

Operational integrations

  • Deeper CI/CD and ticketing workflows after scanner imports are stable.
  • Organisation-level controls after the API key control plane ships.
  • Customer-owned policy mappings without DevSecure owning customer policy.

Task 2.6 - Integrate

Phase 3 scanner import scope

The first import milestone covers the scanner exports teams already have. Imported findings are normalized into CVE IDs, enriched, scored, and ranked with policy-neutral guidance.

SourceFormatTargetScope
Snykscanner exportQ3 2026Normalize dependency findings into CVE rows for RPS ranking.
TrivyJSON exportQ3 2026Import container and dependency findings into the prioritisation workflow.
GitHub DependabotSARIFQ3 2026Preserve source context while ranking advisories by real-world risk.
Checkmarx Onescanner exportQ3 2026Map imported vulnerability findings to CVE enrichment and priority bands.
AikidoCSVQ3 2026Moved from Q4 2026 into the first scanner-import milestone.