In Progress
Risk-based prioritization (CybeRisk Score)
The Risk Score system (0–100) is evolving to integrate new key criteria: identified vulnerabilities (findings), reachability, business sensitivity, and exposure level. Furthermore, an AI-generated weekly brief will be introduced to highlight the 'Top 10 Priorities' and justify their significance across all projects.

Florentin Ledy 16 days ago
In Progress
Coding Agent Sandbox Policy
Addition of a second policy system, read in real-time by coding agents via Vibedefend, to specify forbidden patterns (no eval, no child_process.exec, no plain SQL), pre-approved dependencies only, and a 'no plaintext secrets' rule. BEFORE every write operation, the agent (Cursor/Claude Code) receives an allow|deny|warn status for the code action it is currently performing.

Florentin Ledy 16 days ago
In Progress
AI-BOM (AI Bill of Materials)
Automatic generation of a project AI component inventory: models used (HuggingFace IDs, OpenAI model names, local GGUFs), referenced datasets, versioned prompts, consumed MCP servers, configured LangChain/LlamaIndex agents, and implemented guardrails. Format compliant with EU AI Act Annex IV + NIST AI RMF draft.

Florentin Ledy 16 days ago
Planned
MCP Server Security Audit
Dedicated scanner for MCP servers. Detects: tool poisoning (tool descriptions hiding malicious instructions), tool name shadowing, unvalidated parameters, lack of OAuth/scope checks, secrets in tool responses, and cross-tool data leakage.

Florentin Ledy 16 days ago
Planned
Prompt Injection & LLM-misuse scanner
New specialized scanner that analyzes application code calling LLMs (with auto-detection for Anthropic, OpenAI, Bedrock, and Vertex SDKs) to identify: non-parameterized prompts (user input concatenation), lack of guardrails (no system prompt enforcement), indirect prompt injection (unvalidated tool output reinjection), unsafe tool use (file/exec/network access without allowlists), lack of rate/cost-limiting, and secret leaks within prompts according to OWASP LLM Top 10 patterns.

Florentin Ledy 16 days ago
AI Code Provenance & dual-policy engine
Automatic detection of AI-generated code and tagging of findings with an origin attribute (ai|human|mixed). Ability to apply different policies to AI or human-written code. Ability to view separate statistics via filters between AI and human code.

Florentin Ledy 16 days ago
In Progress
VibeDefend to secure AI coding agents
Distributes CybeDefend's business security rules to AI coding agents (Claude Code, Cursor, VS Code Copilot, Windsurf, Codex). A mining system extracts business and logic rules directly from the project's codebase, building the initial ruleset without manual authoring. On every edit, the agent consults the rules that apply to the project; at the end of each session, a gap analysis surfaces missing rules to the user for validation. An autopilot mode learns from each Claude Code session over time, proposing new rules as usage patterns emerge. One-command install on Linux, macOS, and Windows.

Florentin Ledy 17 days ago
High Priority
In Progress
SAST/IaC Major detection catalog expansion
+700 new rules coming for Azure, GCP, AWS, Kubernetes, Terraform, Dockerfile, Android, Python, JS/TS, Java, Go, plus a dedicated rule set for Rust (SQLi on sqlx, diesel, rusqlite, tokio-postgres; XSS; CORS; SSRF).

Florentin Ledy 17 days ago
High Priority
In Progress
SAST Data flow analysis
See the real path of untrusted data, from entry point all the way to the vulnerability. No more guessing from a snippet around the faulty line. Instantly understand why a finding matters.

Florentin Ledy 17 days ago
High Priority
Completed
IntelliJ IDEA Plugin V2 (Cybe Agent & In-IDE Autofix)
Introduce CybeDefend IntelliJ IDEA Plugin V2, delivering a fully redesigned developer experience and bringing remediation workflows directly into JetBrains IDEs. This new version integrates Cybe Agent to help developers remediate vulnerabilities faster using Cybe Autofix and DeepFix, while enabling seamless collaboration through direct vulnerability metadata management inside the IDE.
Key capabilities:
Cybe Agent Integration - Add native Cybe Agent support inside IntelliJ IDEA to orchestrate remediation actions directly from the IDE environment, enabling secure and contextual vulnerability fixing workflows.
Cybe Autofix in IDE - Enable one-click remediation of detected code vulnerabilities without leaving IntelliJ IDEA, allowing developers to apply secure fixes directly within their coding workflow.
DeepFix for SCA in IDE - Allow developers to remediate Software Composition Analysis (SCA) vulnerabilities directly from IntelliJ IDEA, including dependency upgrade recommendations and automated fixes.
Complete UX/UI Redesign - Deliver a fully redesigned plugin interface aligned with JetBrains UX guidelines, improving navigation, vulnerability visualization, and daily usability.
Vulnerability Status Management - Update vulnerability lifecycle status directly from the plugin (e.g., open, in progress, resolved) to maintain synchronization with the CybeDefend platform.
Priority Management in IDE - Edit vulnerability priority directly inside IntelliJ IDEA to align remediation effort with real risk exposure and development planning.
Inline Collaboration Comments - Add and update vulnerability comments directly from the IDE to improve traceability, developer collaboration, and security review workflows.

Florentin Ledy 3 months ago
Completed
VS Code Extension V2 (Cybe Agent & In-IDE Autofix)
Introduce CybeDefend VS Code Extension V2, delivering a fully redesigned developer experience and bringing remediation workflows directly into the IDE. This new version adds Cybe Agent support to help developers fix vulnerabilities faster with Cybe Autofix and DeepFix, while improving collaboration through direct vulnerability metadata updates.
Key capabilities:
Cybe Agent Integration - Add native support for Cybe Agent inside VS Code to orchestrate remediation actions directly from the IDE.
Cybe Autofix in IDE - Enable one-click remediation of code vulnerabilities without leaving the development workflow.
DeepFix for SCA in IDE - Allow developers to fix Software Composition Analysis (SCA) vulnerabilities directly in VS Code.
Complete UX/UI Redesign - Deliver a fully revamped extension design for better clarity, navigation, and day-to-day usability.
Vulnerability Status Management - Update vulnerability status directly from the extension (e.g., open, in progress, resolved).
Priority Management in IDE - Edit vulnerability priority from VS Code to align remediation effort with risk.
Inline Collaboration Comments - Add and update vulnerability comments from the extension to improve traceability and team coordination.

Florentin Ledy 4 months ago
Completed
Personal Access Tokens (PAT)
Introduce Personal Access Tokens (PAT) in CybeDefend and remove legacy API keys to improve credential security and access governance. This feature will enforce least-privilege access, stronger lifecycle management, and full audit visibility.
Key capabilities:
PAT-based Authentication - Replace static API keys with user-bound personal access tokens.
Immediate API Key Deprecation - Remove API key support when PAT is released, with no backward compatibility.
Token Expiration & Rotation - Enforce expiration policies and support secure token rotation.
Usage Tracking & Audit Logs - Record token creation, usage, and revocation events for monitoring and compliance.

Florentin Ledy 4 months ago
High Priority
Completed
Enterprise Authentication (SSO)
Introduce Enterprise SSO in CybeDefend, enabling organizations to authenticate users through their corporate identity providers. This feature will improve security, simplify onboarding, and enforce centralized access governance across teams.
Key capabilities:
SAML & OIDC Support - Enable secure single sign-on using enterprise-standard protocols.
Google Workspace, Microsoft Entra ID, and Okta Integrations - Provide ready-to-use connectors for fast setup.
Domain-based Access Control - Restrict authentication to approved corporate domains.
SSO Audit Logs - Track login events, failures, and identity-provider activity for compliance and incident response.

Florentin Ledy 4 months ago
High Priority
Planned
Outdated and End-of-Life Software Detection
Add a scanner that identifies outdated or end-of-life software components in the codebase and dependencies. It tracks version history, security advisories, and lifecycle data to alert teams about components that require updates or replacement to reduce security and maintenance risks.

Florentin Ledy 6 months ago
Low Priority
Completed
Open Source License Risk and SBOM Management
Add a component that generates and analyzes SBOMs while identifying license types and associated legal or operational risks. It helps ensure compliance by detecting incompatible licenses, tracking transitive dependencies, and providing clear insights into open source obligations across the entire software stack.

Florentin Ledy 6 months ago
High Priority
Planned
Malware Detection for Open Source Packages
Add a scanner that analyzes open source dependencies to detect malicious or compromised packages. It performs static and behavioral checks on package contents, metadata, and embedded scripts to identify suspicious patterns, supply chain attacks, and tampered releases before they enter the application.

Florentin Ledy 6 months ago
Completed
Secret Detection Scanner
Add a scanner capable of detecting hardcoded secrets not only in the current codebase but also across the full commit history. It identifies API keys, tokens, and credentials through entropy analysis and signature patterns to prevent accidental exposure and improve overall security hygiene.

Florentin Ledy 6 months ago
High Priority
Completed
GitHub Issues Integration for CybeDefend
Introduce a secure, bi-directional integration between CybeDefend and GitHub Issues to operationalize remediation, streamline triage, and ensure end-to-end auditability across repositories.

Florentin Ledy 7 months ago
Medium Priority
Completed
GitLab Issues Integration for CybeDefend
Introduce a robust, bi-directional integration between CybeDefend and GitLab Issues to operationalize remediation, streamline triage, and maintain end-to-end auditability across projects.

Florentin Ledy 7 months ago
Medium Priority
Completed
Slack Integration for CybeDefend
Introduce a secure, bi-directional integration between CybeDefend and Slack to streamline AppSec workflows, incident response, and developer remediation directly within collaboration channels. The integration delivers real-time alerts and interactive triage.

Florentin Ledy 7 months ago