February 7th, 2026
Policy as Code, Compliance Visibility & Major Stability Improvements
This release introduces Policy Management, a foundational security governance layer for CybeDefend. Version 0.8.0 enables organizations to define security requirements as code, automatically evaluate scans against those policies, and track compliance over time at both organization and project levels.
In parallel, we delivered major stability improvements across all scanners, more realistic scan progress tracking, and significant UX enhancements for vulnerability management.
CybeDefend now provides a full Policy as Code engine to enforce security standards consistently across organizations, teams, and projects.
Key capabilities include:
Hierarchical policies with strict precedence:
Organization → Team → Project
Higher-level policies cannot be weakened by lower levels.
YAML-based policy definitions with full version control support.
Async policy evaluation using a dedicated worker to avoid blocking scan workflows.
Support for simple and composite rules:
Severity, CVSS, CWE, OWASP, scanner type, branch, vulnerability age, and more.
AND / OR logic for advanced conditions.
Flexible exclusions with glob patterns, justification, and optional expiration dates.
Violation tracking and audit trail for compliance and reporting.
CI/CD enforcement with deterministic exit codes for warn vs block actions.
Policies are evaluated automatically after scans, ignoring vulnerabilities that are already resolved, ignored, or marked as not exploitable, ensuring focus on real, active risk.
This feature enables security teams to move from passive detection to enforced security governance.
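The precedence and evaluation rules listed above, sketched as an added example (this is not CybeDefend's code or its policy schema). The dictionaries stand in for parsed YAML. Every field name, status value and exit code is an assumption made for illustration, as is the rule that a lower-level exclusion cannot suppress a higher-level rule.

```python
import operator
from datetime import date
from fnmatch import fnmatchcase

# Hypothetical schema: field names, statuses and exit codes are assumptions.
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}
RANK = {"warn": 1, "block": 2}  # doubles as the exit code; 0 means pass
INACTIVE = {"resolved", "ignored", "not_exploitable"}
OPS = {"==": operator.eq, ">=": operator.ge}

def merge(levels):
    """Merge [org, team, project]; lower levels may add or escalate, never weaken."""
    rules, exclusions = {}, []
    for depth, policy in enumerate(levels):
        for rid, rule in policy.get("rules", {}).items():
            if rid not in rules:
                rules[rid] = {**rule, "depth": depth}
            elif RANK[rule["action"]] > RANK[rules[rid]["action"]]:
                rules[rid]["action"] = rule["action"]  # escalation only
        exclusions += [{**e, "depth": depth} for e in policy.get("exclusions", [])]
    return rules, exclusions

def matches(cond, vuln):
    """Evaluate a leaf condition or an all/any (AND/OR) composite."""
    for key, combine in (("all", all), ("any", any)):
        if key in cond:
            return combine(matches(c, vuln) for c in cond[key])
    actual, wanted = vuln.get(cond["field"]), cond["value"]
    if cond["field"] == "severity":
        actual, wanted = SEVERITY.get(actual), SEVERITY[wanted]
    return actual is not None and OPS[cond["op"]](actual, wanted)

def excluded(rule, vuln, exclusions, today):
    """True if an unexpired exclusion from the rule's level or above covers the path."""
    return any(e["depth"] <= rule["depth"]
               and date.fromisoformat(e.get("expires", "9999-12-31")) >= today
               and fnmatchcase(vuln["path"], e["path"]) for e in exclusions)

def evaluate(levels, vulns, today):
    """Return (violations, exit_code), skipping vulnerabilities that are not active."""
    rules, exclusions = merge(levels)
    violations = [
        (rid, rule["action"], v["id"])
        for v in vulns if v["status"] not in INACTIVE
        for rid, rule in rules.items()
        if matches(rule["when"], v) and not excluded(rule, v, exclusions, today)]
    return violations, max((RANK[a] for _, a, _ in violations), default=0)

# Constructed sample input.
TODAY = date(2026, 2, 7)
CRIT = {"field": "severity", "op": ">=", "value": "critical"}
ORG = {"rules": {"no-critical": {"action": "block", "when": CRIT}}}
PROJECT = {
    "rules": {
        "no-critical": {"action": "warn", "when": CRIT},  # downgrade attempt
        "sqli-main": {"action": "warn", "when": {"all": [
            {"field": "cwe", "op": "==", "value": "CWE-89"},
            {"field": "branch", "op": "==", "value": "main"}]}}},
    "exclusions": [{"path": "tests/*", "justification": "fixtures", "expires": "2026-12-31"}]}
def make_vuln(vid, sev, cwe, path, status="open"):
    return {"id": vid, "severity": sev, "cwe": cwe, "branch": "main",
            "path": path, "status": status}
VULNS = [make_vuln("V1", "critical", "CWE-78", "tests/run.py"),
         make_vuln("V2", "high", "CWE-89", "tests/db.py"),
         make_vuln("V3", "high", "CWE-89", "src/db.py"),
         make_vuln("V4", "critical", "CWE-78", "src/x.py", status="resolved")]

if __name__ == "__main__":
    print(evaluate([ORG, {}, PROJECT], VULNS, TODAY))
```

In the sample, V1 still blocks even though it sits under `tests/`, because the project-level exclusion and the project's attempted downgrade to `warn` do not reach the organization rule; once the exclusion's expiry date passes, V2 is reported again.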
To make policy enforcement visible and actionable, CybeDefend now includes Compliance Overview dashboards:
Organization-level compliance view
Global security posture across all projects.
Policy violations summary and trends.
Project-level compliance view
Effective merged policy visualization.
Historical compliance tracking per scan.
Clear identification of blocking vs warning violations.
This provides a continuous, auditable view of security compliance over time.
You can now update multiple vulnerabilities at once directly from the Detailed view:
Select vulnerabilities using checkboxes.
Apply status changes (ignore, accept risk, etc.) in bulk.
Greatly improves triage efficiency on large scans.
Scan progress estimation has been reworked to better reflect real execution stages:
Reduced misleading “stuck at X%” behavior.
Progress now correlates more closely with actual scan phases.
Improved user confidence during long or complex scans.
Significant work has been done to harden the scanning pipeline:
Improved stability for GitHub and GitLab scans.
Global reduction of scan crashes across all scanners.
Better error handling and recovery for edge cases.
These changes reduce unexpected failures and improve overall scan reliability, especially on large repositories.
Fixed an issue affecting public container image scans that could cause incorrect failures.
To prepare the upcoming authentication system overhaul:
API keys are now officially deprecated.
They will be fully replaced by Personal Access Tokens (PAT) in v0.9.0.
Upcoming authentication flow:
A PAT will be exchanged for an OAuth access_token using a token exchange endpoint (grant_type=token-exchange).
All API calls will then use:
Authorization: Bearer <access_token>
This change is required to support fine-grained scopes, better rotation, and improved security guarantees.
We strongly recommend starting to plan this migration ahead of v0.9.0.
January 12th, 2026
This release introduces a major evolution of the CybeDefend user experience and remediation capabilities. Version 0.7.0 delivers a fully redesigned web dashboard, a next-generation Autofix engine with bulk remediation via pull requests, and a breakthrough approach to fixing SCA vulnerabilities, even deep within transitive dependencies. We also significantly expanded our IaC detection coverage and improved result readability with advanced vulnerability grouping.
The CybeDefend web dashboard has undergone a complete overhaul to provide a more modern, intuitive, and efficient user experience.
Cleaner and more structured layouts for faster navigation.
Improved readability of scan results and security insights.
Optimized workflows for triage, remediation, and reporting.
Designed to scale better with large projects and high vulnerability volumes.
This redesign significantly reduces cognitive load for both developers and security teams.
We introduced a brand-new Autofix engine, designed to be faster, smarter, and more scalable.
Select multiple vulnerabilities across files and categories.
Generate a single grouped Autofix Pull Request.
Consistent, secure, and idiomatic fixes aligned with your codebase and framework.
Improved fix accuracy thanks to deeper contextual analysis.
This enables teams to remediate large sets of vulnerabilities in minutes instead of hours.
CybeDefend now supports Autofix for Software Composition Analysis (SCA), powered by DeepFix, a new proprietary resolution engine.
DeepFix is capable of fixing vulnerabilities even when they originate from transitive dependencies:
Analyzes complex dependency graphs with multiple transitive import paths.
Identifies valid remediation paths among competing dependency trees.
Recommends safe upgrades of parent dependencies to eliminate vulnerable child libraries.
Avoids breaking changes whenever possible by selecting the most compatible fix path.
This brings true, actionable remediation to SCA, where traditional tools often stop at detection.
To improve result readability and prioritization, vulnerabilities can now be visualized in a grouped mode.
Vulnerabilities of the same type are merged into a single logical occurrence.
Grouping applies even when findings span multiple files or locations.
Quickly assess impact without being overwhelmed by repetitive detections.
Ideal for large repositories and refactoring-oriented workflows.
You can still drill down into each individual occurrence when needed.
We have added more than 1,000 new Infrastructure as Code detection rules, significantly expanding coverage across cloud providers and configuration patterns.
December 31st, 2025
The new branching system has significantly changed the scan logic, so we recommend rerunning a scan on your projects.
This major update marks a turning point for CybeDefend’s integration capabilities. Version 0.6.0 introduces full support for private container registries, a sophisticated multi-branch management system to track security across your entire development lifecycle, and deep integration with GitHub Issues for automated remediation workflows. We have also overhauled our core AI models and agentic parsing engine for unprecedented speed and precision.
CybeDefend now seamlessly integrates with the industry’s leading container registries. You can now scan private images for vulnerabilities across:
Public Cloud: Amazon ECR, Azure Container Registry, Google Container Registry.
Standard Platforms: Docker Hub, GitHub Container Registry, GitLab Registry.
Enterprise Solutions: Quay, Harbor, and JFrog Artifactory.
You are no longer limited to scanning your main branch. CybeDefend now supports a full Branching System, allowing you to track the security posture of every feature or release branch independently.
Auto-Sync: For GitHub and GitLab linked projects, branches are automatically detected.
Manual Flexibility: For unlinked projects, simply specify the branch name via the CLI or CI/CD configuration.
Native IDE Support: The CybeDefend VS Code extension now automatically detects your current local branch to run targeted scans.
Streamline your remediation process by syncing CybeDefend findings directly with GitHub Issues. To fit your team's workflow, we offer three synchronization modes:
One issue per vulnerability type: Consolidates similar findings (e.g., all SQL Injections) into a single ticket.
One issue per vulnerability detection: Creates a unique ticket for every single occurrence.
One issue per affected file: Organizes work by file, perfect for developers refactoring specific modules.
To provide better clarity and risk assessment, we have decoupled scan results. CI/CD Security & Secrets are now separated from SAST and IaC findings. This dedicated view allows security teams to prioritize hardcoded credentials and pipeline misconfigurations without them being drowned out by code-level vulnerabilities.
The Cybe Agent's intelligent code parsing engine has received a significant performance boost. The underlying logic has been optimized to handle large codebases much faster, reducing the "time-to-insight" during the next discovery phase of a scan.
We have upgraded the LLM architecture powering Cybe Analysis and the Cybe Security Champion.
Higher Precision: Better context window management leads to even fewer false positives.
Actionable Advice: The Security Champion now provides more idiomatic and secure code fix suggestions tailored to your specific framework and coding style.
CLI & GitHub Actions: Updated to support the new --branch flag.
GitLab CI: Example templates updated to include multi-branch detection logic.
VS Code Extension: Seamlessly switches context based on your active Git branch.
December 1st, 2025
⚙️ Stability, Precision, Reporting, and IaC Intelligence Release
This version enhances the accuracy of all analysis engines, improves overall platform robustness, and introduces new configuration capabilities for more consistent and predictable scans. It also brings powerful new reporting features across organizations, teams, and multi-project scopes, along with a comprehensive organization-level overview delivering deep, consolidated security insights.
Advanced reports can now be generated not only from a single project, but also from:
An entire organization.
A custom selection of teams.
A selection of multiple projects.
The available formats remain the same: JSON, HTML, PDF.
The reports include:
CWE Top 25 Report.
OWASP Top 10 Report.
This evolution finally enables cross-scope reporting for internal audits, compliance needs, board-level reporting, and partner communication.
A new Overview page has been added at the organization level, providing a comprehensive dashboard with a large set of consolidated statistics.
Examples of available metrics:
Total number of projects and teams.
Open and resolved issues.
New findings over the last 7 days.
Severity distribution.
State distribution.
Vulnerabilities over time.
Analysis type distribution (SAST, SCA, IaC, Container).
Consolidated risk scoring with high, medium, and low risk breakdown.
Weekly activity.
Top most vulnerable projects.
Team summaries with their associated projects.
This new Overview provides a strategic vision of the organization’s application security posture and gives an immediate understanding of the global software risk level.
Cybe Analysis now supports intelligent false positive reduction for Infrastructure as Code, with advanced IaC rule correlation to filter out non-exploitable patterns.
Semantic analysis has also been improved for Terraform, Kubernetes manifests, and CloudFormation.
A new .cybedefend configuration file can be added at the root of your repository to precisely control analysis behavior.
Exclusion rules targeting files, directories, and patterns.
Unified configuration for SAST, SCA, IaC, and Container Analysis.
The agentic parsing subsystem and the supervision layer have been reinforced.
Reduced risks of agent desynchronization.
Improved stability for large-scale analyses.
Major optimizations enhance platform responsiveness and interface consistency.
Reduced loading time for the issues list through optimized API queries.
Smoother navigation across vulnerability segments.
Several issues that could cause unexpected scan termination have been resolved.
A fix has been applied for a bug affecting organization switching.
Proper context isolation when switching between organizations.
Consistent workspace rehydration and correct resource scoping.
November 14th, 2025
⚡ Enhanced Reporting & Performance Release
This version focuses on deepening analytical capabilities, improving speed, and refining the user experience across CybeDefend’s AI-driven AppSec ecosystem.
CybeDefend now allows you to generate comprehensive compliance-ready reports (JSON, HTML, PDF) directly from your project results:
CWE Top 25 Report – identifies the most critical weaknesses across your codebase.
OWASP Top 10 Report – maps your vulnerabilities to the industry’s most recognized security risks.
SBOM (Software Bill of Materials) – provides a complete inventory of dependencies for enhanced transparency and supply chain security.
Enhanced stability and accuracy in vulnerability detection and triage.
Optimized processing for large-scale scans to ensure consistent performance across multiple languages and repositories.
User Interface Redesign for better readability, navigation, and conversational context.
Smoother interaction flow for developers using CybeDefend’s AI-powered assistant.
Faster SAST scan execution and result retrieval, reducing waiting times and improving developer feedback loops.
September 26th, 2025
🚀 Major AI Agents Release
This version introduces Cybe AI Agents, a new suite of intelligent assistants designed to drastically improve security triage, remediation, and developer enablement.
Cybe Analysis
Automated False Positive Reduction for SAST findings.
Intelligent Vulnerability Triage: vulnerabilities are automatically classified, their status updated, and severity prioritized.
Cybe Autofix
Automatic Vulnerability Remediation for SAST findings.
GitHub & GitLab Pull/Merge Request Integration: automatically generates and submits secure fixes as PRs/MRs directly to your repositories.
Cybe Security Champion
AI-powered assistant chatbot inspired by the OWASP "Security Champion" role.
Full Codebase Awareness: parses your entire codebase to provide context-aware answers.
Vulnerability Context Integration: all responses consider the project’s open vulnerabilities, ensuring accurate, coherent, and actionable guidance for your dev team.
New SCM Support: GitLab SaaS is now fully integrated into CybeDefend.
Supported Features:
Project scanning via GitLab repositories.
Cybe Autofix support with automated Merge Requests on GitLab.
🌍 New Sovereign European Platform
Access at: https://eu.cybedefend.com/login
Hosted on OVHcloud SecNumCloud-certified infrastructure (ANSSI qualification).
Ensures full compliance with European cybersecurity and sovereignty standards.
July 8th, 2025
🌐 New Access URL
The CybeDefend US platform is now available at: https://us.cybedefend.com
Make sure to update your bookmarks and integrations accordingly.
⚠️ Warning: Beta Version
CybeDefend v0.2 is currently in beta. Some features may still contain bugs or unexpected behavior.
If you encounter any issues, please contact us immediately through our support dashboard or the contact form.
Complete Dependency Tree Mapping: Each dependency is now tracked with its full ancestry, providing precise insight into how each component is brought into your project.
File-Level Dependency Tracing: Increased accuracy in identifying exactly which file introduces each dependency, enhancing audit and traceability.
Dependency Path Visualization: Clear, structured views of dependency hierarchies to better understand their relationships.
Transitive Dependency Detection: Automatic detection and classification of transitive (indirect) dependencies brought in by direct ones.
Development Dependency Labeling: Clear separation between production and development-only dependencies for targeted security analysis.
Customizable Scanning Parameters: Ability to filter scans by dependency type (development vs. production, direct vs. transitive), significantly improving performance for focused scans.
Universal Lockfile Support: Works with user-provided lockfiles or automatically generates them for all major package ecosystems.
Multi-Ecosystem Coverage: Automatically supports lockfile generation for 15+ package managers including npm, Cargo, Composer, Go, Poetry, NuGet, Gradle, Maven, Ruby Bundler, and more.
Intelligent Fallback Mechanisms: In case of version incompatibility or lockfile generation errors, the system gracefully falls back to base configuration files to maintain scan continuity.
Zero-Configuration Operation: Projects can be scanned without worrying about lockfiles – the system handles dependency resolution automatically and transparently.
Improved Lockfile Parsers: Significantly enhanced accuracy across all supported ecosystems:
Improved parsing for Maven, Gradle, npm, Python, Ruby, Cargo, Go, and others
Better handling of complex version specifiers and dependency relationships
More accurate resolution of aliases and redirects in dependency declarations
False Positive Reduction: Detection algorithms have been refined to reduce false positives and provide more reliable vulnerability findings.
Faster Scanning: Up to 60% speed improvement thanks to optimized parsing and data handling.
Selective Scanning: Enhanced capabilities to scan only production dependencies or skip already analyzed transitives.
Efficient Resource Utilization: Reduced memory usage during scans, allowing larger and more complex projects to be analyzed efficiently.
Interactive Dependency Tree: Explore the full dependency tree directly in the SCA interface to understand vulnerability context and impact.
Detailed Vulnerability Inspection: Enhanced visibility with clear severity indicators and affected dependency paths.
Advanced Filtering Options: Fine-grained filters to narrow down by dependency type or severity for efficient triage.
At-a-Glance Dashboard: Color-coded metrics provide a quick overview of your project’s dependency health.
Redesigned SCA Interface: A more intuitive layout for navigating complex dependency data, reducing onboarding friction.
Faster UI Rendering: Improved frontend performance for large dependency trees without lag.
Responsive Design: Better adaptation across devices and screen sizes for a consistent user experience.
Automatic Authentication Prompt: Users are automatically prompted to authenticate when opening a folder, streamlining secure access.
Git Project Auto-Detection: Git repositories are automatically matched to existing projects in the CybeDefend workspace.
Smart Project Linking: If no matching project is found, the extension offers to create and link a new one with minimal interaction.
Team Collaboration Support: Simplified team selection when creating projects to facilitate multi-user workflows.
Flexible Configuration Options: Multiple authentication paths support various use cases including existing, new, and manually configured projects.
Faster Vulnerability Detection: Improved scan speed across all supported types (SAST, SCA, IaC).
AI-Powered Security Assistant: Upgraded AI chatbot can now help interpret SAST, SCA, and IaC issues in real time with contextual guidance.
Unified Security Coverage: Consolidated security scanning across multiple vulnerability types for complete risk assessment.
Improved Result Display: Scan results are shown directly in the IDE with a focus on readability and quick remediation.
Smart Notifications: Context-aware alerts about vulnerabilities, prioritized by severity and relevance.
Intelligent Recommendations: Proactive suggestions to improve security based on code patterns and dependency structure.
Public Image Scanning Support: Users can now scan publicly available Docker images (e.g. from Docker Hub or any compatible public registry).
System Vulnerability Detection: Detects vulnerabilities in OS packages, shared libraries, and metadata included in the image.
Integrated Results: Container analysis results are available in the same dashboard as SCA, SAST, and IaC findings.
Private Registry Support Coming Soon: Support for scanning images from private Docker registries (with authentication) is planned for an upcoming release, enabling full DevSecOps coverage.
February 27th, 2025
🚨 Note: This is an Alpha Release 🚨
This version of CybeDefend is not a final release. It is an early-access Alpha version, available for free, allowing users to test the platform, provide feedback, and help refine the product before its stable release. Your insights are crucial in shaping CybeDefend into the best security testing tool possible!
Introduction of CybeDefend's cutting-edge user interface, providing a seamless and intuitive security analysis experience.
SAST (Static Application Security Testing): Detect vulnerabilities in source code before deployment.
IaC Security Analysis: Identify security misconfigurations in Infrastructure-as-Code (Terraform, CloudFormation, Kubernetes manifests).
SCA (Software Composition Analysis): Scan dependencies for known vulnerabilities and outdated libraries.
Context-aware AI assistant that understands the project's vulnerabilities.
Provides security insights, suggested fixes, and explanations directly within the interface.
Dynamically adjusts recommendations based on the active page and project context.
Automatic Security Scans: Trigger security scans on every commit to the default branch.
GitHub Project Import: Seamlessly import repositories for analysis.
Scan Execution: Launch security scans via CLI and retrieve results in JSON format.
CI/CD Integration:
Example integrations provided for GitLab CI and GitHub Actions.
API Documentation: Full reference for API usage and integration.
User Guide: Step-by-step instructions for using CybeDefend effectively.
Vulnerability Trends: Track security issues over time.
Vulnerability Distribution: Analyze vulnerability categories and their impact on the project.
RBAC & ReBAC Model: Fine-grained access control based on roles and relationships.
Team Management:
Organizations can create teams with associated projects.
Team roles define actions users can perform on linked projects.
This version is not production-ready and is subject to changes and improvements based on user feedback. We encourage users to test the platform and share their thoughts to help us refine and optimize CybeDefend.
📩 How to Provide Feedback?
Feel free to report issues, suggest features, or share your experience with us via our support channels. Your input is invaluable in shaping CybeDefend’s future! 🚀