February 7th, 2026
Policy as Code, Compliance Visibility & Major Stability Improvements
This release introduces Policy Management, a foundational security governance layer for CybeDefend. Version 0.8.0 enables organizations to define security requirements as code, automatically evaluate scans against those policies, and track compliance over time at both organization and project levels.
In parallel, we delivered major stability improvements across all scanners, more realistic scan progress tracking, and significant UX enhancements for vulnerability management.
CybeDefend now provides a full Policy as Code engine to enforce security standards consistently across organizations, teams, and projects.
Key capabilities include:
Hierarchical policies with strict precedence:
Organization → Team → Project
Higher-level policies cannot be weakened by lower levels.
YAML-based policy definitions with full version control support.
Async policy evaluation using a dedicated worker to avoid blocking scan workflows.
Support for simple and composite rules:
Severity, CVSS, CWE, OWASP, scanner type, branch, vulnerability age, and more.
AND / OR logic for advanced conditions.
Flexible exclusions with glob patterns, justification, and optional expiration dates.
Violation tracking and audit trail for compliance and reporting.
CI/CD enforcement with deterministic exit codes for warn vs block actions.
Policies are evaluated automatically after each scan. Vulnerabilities that are already resolved, ignored, or marked as not exploitable are skipped, so evaluation focuses on real, active risk.
This feature enables security teams to move from passive detection to enforced security governance.
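The precedence, rule and exclusion semantics listed above, worked through as an added example. This is not CybeDefend's engine: the policy schema (rules with an id, a warn/block action and a simple or all/any condition; exclusions with a glob, a justification and an optional expiry) is assumed, the sample policies and findings are constructed, and the reading of "higher-level policies cannot be weakened" (a lower level may add rules or raise an action but not lower one, and an exclusion shields only rules declared at its own level or below) is an interpretation, not documented product behaviour. In a real pipeline the three dicts would come from yaml.safe_load() of the organization, team and project YAML files.

```python
# Added example of a Policy-as-Code evaluator. It is NOT CybeDefend's engine and the
# policy schema is assumed, not taken from the release notes. Policies are plain dicts
# here (yaml.safe_load() output in practice); all findings are constructed samples.
from datetime import date
from fnmatch import fnmatch

ACTION_RANK = {"warn": 1, "block": 2}                  # exit code = rank of the worst violation
INACTIVE = {"resolved", "ignored", "not_exploitable"}  # never evaluated


def merge_policies(*levels):
    """Merge organization -> team -> project. A lower level may add rules or raise an
    action (warn -> block) but can neither drop a rule nor lower its action."""
    rules, exclusions = {}, []
    for depth, pol in enumerate(levels):
        for rule in pol.get("rules", []):
            current = rules.get(rule["id"])
            if current is None:
                rules[rule["id"]] = dict(rule, level=depth)
            elif ACTION_RANK[rule["action"]] > ACTION_RANK[current["action"]]:
                current["action"] = rule["action"]   # stricter override is allowed
            # a weaker override from a lower level is ignored: the higher level wins
        exclusions += [dict(exc, level=depth) for exc in pol.get("exclusions", [])]
    return {"rules": list(rules.values()), "exclusions": exclusions}


def matches(cond, f):
    """Simple condition (every key must hold) or composite all / any condition."""
    if "all" in cond:
        return all(matches(c, f) for c in cond["all"])
    if "any" in cond:
        return any(matches(c, f) for c in cond["any"])
    checks = {"severity": lambda v: f["severity"] in v, "cwe": lambda v: f["cwe"] in v,
              "scanner": lambda v: f["scanner"] == v, "branch": lambda v: f["branch"] == v,
              "cvss_min": lambda v: f["cvss"] >= v, "age_days_min": lambda v: f["age_days"] >= v}
    return all(checks[k](v) for k, v in cond.items())


def excluded(rule, f, exclusions, today):
    """An exclusion shields only rules declared at its own level or below, so a project
    cannot carve a hole in an organization rule. Expired exclusions are void."""
    return any(exc["level"] <= rule["level"]
               and not (exc.get("expires") and date.fromisoformat(exc["expires"]) < today)
               and fnmatch(f["path"], exc["path"]) for exc in exclusions)


def evaluate(policy, findings, today):
    """Return (exit_code, violations): 0 compliant, 1 warnings only, 2 blocking."""
    violations = [{"rule": r["id"], "action": r["action"], "finding": f["id"]}
                  for f in findings if f["status"] not in INACTIVE
                  for r in policy["rules"]
                  if matches(r["when"], f) and not excluded(r, f, policy["exclusions"], today)]
    return max((ACTION_RANK[v["action"]] for v in violations), default=0), violations


STALE_HIGH = {"all": [{"severity": ["high"]}, {"age_days_min": 30}]}
ORG = {"rules": [
    {"id": "no-critical", "action": "block", "when": {"severity": ["critical"]}},
    {"id": "stale-high", "action": "warn", "when": STALE_HIGH},
    {"id": "old-medium", "action": "warn", "when": {"all": [{"severity": ["medium"]}, {"age_days_min": 60}]}},
]}
TEAM = {"rules": [{"id": "stale-high", "action": "block", "when": STALE_HIGH}]}   # stricter: kept
PROJECT = {
    "rules": [
        {"id": "no-critical", "action": "warn", "when": {"severity": ["critical"]}},  # weaker: ignored
        {"id": "sqli-on-main", "action": "block", "when": {"all": [{"cwe": ["CWE-89"]}, {"branch": "main"}]}},
    ],
    "exclusions": [
        {"path": "tests/*", "justification": "test fixtures, not shipped", "expires": "2026-12-31"},
        {"path": "legacy/*", "justification": "EOL module", "expires": "2025-01-01"},  # already expired
    ],
}


def finding(fid, severity, cvss, cwe, path, age_days, status="open", branch="main", scanner="sast"):
    return dict(id=fid, severity=severity, cvss=cvss, cwe=cwe, path=path,
                age_days=age_days, status=status, branch=branch, scanner=scanner)

FINDINGS = [  # constructed scan results
    finding("F1", "critical", 9.8, "CWE-78", "src/shell.py", 2),
    finding("F2", "critical", 9.1, "CWE-502", "package.json", 40, status="resolved", scanner="sca"),
    finding("F3", "high", 8.2, "CWE-89", "tests/fixtures/app.py", 45),
    finding("F4", "high", 7.5, "CWE-89", "legacy/db.py", 60),
    finding("F5", "medium", 5.3, "CWE-79", "src/view.py", 90, branch="feature/x"),
]
TODAY = date(2026, 2, 7)  # evaluation date (the release date)


def run_example():
    """Merge the three levels, evaluate the sample scan and return what CI would see."""
    merged = merge_policies(ORG, TEAM, PROJECT)
    code, violations = evaluate(merged, FINDINGS, TODAY)
    return ({r["id"]: r["action"] for r in merged["rules"]}, code,
            [(v["rule"], v["finding"], v["action"]) for v in violations])


if __name__ == "__main__":
    actions, code, violations = run_example()
    print("effective policy:", actions)
    for rule, fid, action in violations:
        print(f"{action.upper():5} {rule:13} {fid}")
    raise SystemExit(code)  # 0 / 1 / 2 is what the CI step keys on
```

Running it shows the three precedence cases at once: the team's upgrade of stale-high to block survives, the project's attempt to downgrade no-critical to warn is discarded, and the project's tests/* exclusion silences its own sqli-on-main rule for F3 but not the organization's stale-high rule. F2 is never looked at because it is resolved, and the expired legacy/* exclusion no longer protects F4, so the run exits with code 2.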
To make policy enforcement visible and actionable, CybeDefend now includes Compliance Overview dashboards:
Organization-level compliance view
Global security posture across all projects.
Policy violations summary and trends.
Project-level compliance view
Effective merged policy visualization.
Historical compliance tracking per scan.
Clear identification of blocking vs warning violations.
This provides a continuous, auditable view of security compliance over time.
You can now update multiple vulnerabilities at once directly from the Detailed view:
Select vulnerabilities using checkboxes.
Apply status changes (ignore, accept risk, etc.) in bulk.
Greatly improves triage efficiency on large scans.
Scan progress estimation has been reworked to better reflect real execution stages:
Reduced misleading "stuck at X%" behavior.
Progress now correlates more closely with actual scan phases.
Improved user confidence during long or complex scans.
Significant work has been done to harden the scanning pipeline:
Improved stability for GitHub and GitLab scans.
Global reduction of scan crashes across all scanners.
Better error handling and recovery for edge cases.
These changes reduce unexpected failures and improve overall scan reliability, especially on large repositories.
Fixed an issue that could cause scans of public container images to fail incorrectly.
To prepare for the upcoming authentication system overhaul:
API keys are now officially deprecated.
They will be fully replaced by Personal Access Tokens (PAT) in v0.9.0.
Upcoming authentication flow:
A PAT will be exchanged for an OAuth access_token using a token exchange endpoint (grant_type=token-exchange).
All API calls will then use:
Authorization: Bearer <access_token>
This change is required to support fine-grained scopes, better rotation, and improved security guarantees.
We strongly recommend planning this migration ahead of v0.9.0.
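The exchange described above, both sides of it, as an added example that is not CybeDefend client code and not the v0.9.0 API. Everything beyond what the notes state is assumed: the token endpoint path /oauth/token, a subject_token form field carrying the PAT, and a JSON reply with access_token and expires_in. One caveat worth checking against the v0.9.0 documentation when it ships: the standard OAuth token-exchange grant (RFC 8693) uses grant_type=urn:ietf:params:oauth:grant-type:token-exchange and requires a subject_token_type parameter, whereas the notes quote the short value grant_type=token-exchange; the example follows the notes. The mock server and PAT value are constructed so the code runs offline.

```python
# Added example of the PAT -> access_token flow announced for v0.9.0. NOT CybeDefend
# client code. Assumed, not from the release notes: token endpoint path /oauth/token,
# form fields grant_type / subject_token, JSON reply with access_token and expires_in.
# The mock server and the PAT value are constructed so the example runs offline.
import json
import threading
import time
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

GRANT_TYPE = "token-exchange"   # value quoted in the release notes
TOKEN_PATH = "/oauth/token"     # assumed endpoint path
DEMO_PAT = "cbd_pat_example"    # constructed secret; read it from the environment or a vault in practice


class PatClient:
    """Keeps the long-lived PAT private, exchanges it for a short-lived bearer token
    and caches that token until shortly before it expires."""

    def __init__(self, base_url, pat, skew=30):
        self._base_url = base_url.rstrip("/")
        self._pat = pat
        self._skew = skew                       # re-exchange this many seconds before expiry
        self._token, self._expires_at = None, 0.0
        self.exchanges = 0                      # round-trips to the token endpoint

    def _exchange(self):
        form = {"grant_type": GRANT_TYPE, "subject_token": self._pat}
        req = urllib.request.Request(self._base_url + TOKEN_PATH, method="POST",
                                     data=urllib.parse.urlencode(form).encode(),
                                     headers={"Content-Type": "application/x-www-form-urlencoded"})
        with urllib.request.urlopen(req) as resp:
            reply = json.load(resp)
        self._token = reply["access_token"]
        self._expires_at = time.monotonic() + float(reply["expires_in"])
        self.exchanges += 1

    def access_token(self):
        if self._token is None or time.monotonic() >= self._expires_at - self._skew:
            self._exchange()
        return self._token

    def get(self, path):
        """Every API call carries only the short-lived token, never the PAT."""
        req = urllib.request.Request(self._base_url + path,
                                     headers={"Authorization": "Bearer " + self.access_token()})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)


class _MockApi(BaseHTTPRequestHandler):
    """Constructed stand-in for the token endpoint plus one protected route."""
    issued = []                                 # tokens handed out, checked on every GET

    def log_message(self, *args):               # silence per-request logging
        pass

    def _json(self, status, payload):
        raw = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(raw)))
        self.end_headers()
        self.wfile.write(raw)

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        if self.path != TOKEN_PATH or form.get("grant_type") != [GRANT_TYPE]:
            return self._json(400, {"error": "unsupported_grant_type"})
        if form.get("subject_token") != [DEMO_PAT]:
            return self._json(401, {"error": "invalid_grant"})
        token = f"at_{len(_MockApi.issued)}"
        _MockApi.issued.append(token)
        self._json(200, {"access_token": token, "token_type": "Bearer", "expires_in": 60})

    def do_GET(self):
        auth = self.headers.get("Authorization", "")
        if not auth.startswith("Bearer ") or auth[7:] not in _MockApi.issued:
            return self._json(401, {"error": "invalid_token"})   # a raw PAT lands here
        self._json(200, {"path": self.path, "ok": True})


def demo():
    """Run the client against the mock. Returns (exchange count, API replies,
    status seen when the PAT itself is sent as a bearer token)."""
    _MockApi.issued.clear()
    server = HTTPServer(("127.0.0.1", 0), _MockApi)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        base = f"http://127.0.0.1:{server.server_address[1]}"
        client = PatClient(base, DEMO_PAT)
        replies = [client.get("/api/v1/projects"), client.get("/api/v1/scans")]
        try:                                    # skipping the exchange must fail
            urllib.request.urlopen(urllib.request.Request(
                base + "/api/v1/projects", headers={"Authorization": "Bearer " + DEMO_PAT}))
            raw_pat_status = 200
        except urllib.error.HTTPError as err:
            raw_pat_status = err.code
        return client.exchanges, replies, raw_pat_status
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

Two API calls cost one exchange because the access token is cached until 30 seconds before its expiry, and the last probe shows why the client never puts the PAT in an Authorization header: the mock, like any server built for this flow, only honours tokens it minted itself, so a PAT sent as a bearer token is refused with 401. When migrating, keep the PAT in the environment or a secret store and treat the exchange step, not the PAT, as the thing every API call depends on.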