Changelog

Version 1.0.0

February 2026

Rule Engine

⚙️ Performance, Scale, and Consistency

Faster evaluations with caching, expanded coverage, and standardized rule outcomes.
- Improved execution speed with caching
- Extended rule set for broader coverage
- Standardized exit IDs across rules
- Hundreds of new findings states for richer classification

New Components

🧩 OmniBom and Enrichment Services

New components that expand BOM generation and enrich every verification run.
- OmniBom generates SBOM, CBOM, AIBOM, and MLBOM
- More data to every verification run
- Customizable parameters for AI BOM generation

Rules

📌 Expanded Coverage and Clarity

More rule coverage, better labeling, and clearer guidance for teams.
- New rules for signing, attestations, SBOM, and more
- Enhanced detection and fine-tuning for GitLab
- Rule labels for faster triage and organization
- Updated recommendation text and code snippets for clarity
- Improved data filtering across findings and runs

UX

✨ Workflow and Usability Upgrades

Streamlined day-to-day workflows and clearer pipeline insights.
- Bulk weight editing on rules
- Better pipeline timelines
- Historical verification runs data
- SBOM investigation with deeper details

Dashboards Overhaul

📊 Fully Reworked Dashboards

End-to-end customization with richer analytics and a new visual system.
- Editable default dashboards with full customization
- Widget marketplace and drag-and-drop grid layout
- Analytics per project
- New icon set, improved button placement, and refined grids

🚀 Beta Release Information

KvantumCI is currently GA. We're actively developing new features and improving existing ones based on user feedback. Thank you for being part of our early access program and helping us build the best DevSecOps platform! The Bets is closed.

Version 0.5.0-beta

BETA

December 2025

Dashboards

📊 Real-time DevSecOps Security Posture

Comprehensive dashboards providing instant visibility into your organization's security stance across all projects and repositories.
- Project pulse scoring with real-time updates
- Verification run statistics and trends
- Finding distribution and severity analytics
- Historical data tracking and visualization

Rule Engine (Beta)

⚙️ 23 Core Rules for DevSecOps Validation

Powerful rule engine with 23 production-ready rules covering multiple security domains and best practices.
- SAST (Static Application Security Testing) validation
- SCA (Software Composition Analysis) checks
- Infrastructure as Code (IaC) security verification runs
- Git hygiene and repository security rules
- CI/CD pipeline security checks
- Container security validation

Findings & Recommendations

🤖 DevSecOps Framework-Powered Remediation Guidance

Intelligent recommendations that help teams quickly understand and fix security issues with actionable guidance.
- Context-aware remediation suggestions
- Priority-based recommendations aligned with risk levels
- Code snippet examples and best practices
- Seamless integration with rule engine results

Findings Explorer

🔍 Advanced Search and Filtering Interface

Powerful exploration tools that make it easy to navigate, analyze, and act on security findings across your entire organization.
- Advanced filtering by severity, type, project, and more
- Full-text search across all findings
- Export functionality for reporting and analysis
- Severity-based views and grouping
- Project-specific and cross-project filtering

COMING SOON Product Roadmap

Exciting features we're working on for upcoming releases

Roadmap

✅ Rule Engine Expansion & Depth

Move from surface scanning to context-aware, infrastructure-intelligent rules.
- Infrastructure & GitOps Rules: Terraform detection of deprecated, unmaintained, or malicious modules; dependency risk analysis; ArgoCD best-practice detection; Flux configuration analysis.
- Artifact & Supply Chain Rules: Nexus IQ artifact attribute validation; artifact tree and dependency chain analysis; JFrog repository hygiene and artifact governance rules.
- Runtime & Monitoring Intelligence: Runtime security tooling detection; metrics-as-code validation (Grafana as Code); monitoring solution detection and coverage gaps; Falco best-practice enforcement.
- Automation & Workflow Detection: Atlantis best-practice detection; Terraform automation detection (Atlantis, Spacelift, and more).
✅ AI posture management

Extend posture management into AI systems, models, and pipelines.
- AI Posture Management: AI posture management module; guardrails with segmented IAM; admin vs application users.
- Content & Policy Controls: Profanity filter analysis; topic filter analysis; custom topic recommendations based on AI red-teaming insights.
- AI Tooling & Model Governance: MCP (Model Context Protocol) tooling; tool inventory; permission review and risk analysis.
- MLflow & MLOps Scanning: Model scanning and testing; semantic versioning enforcement; registry usage validation; model configuration analysis; inference server detection.
- Cloud Coverage: AWS support; Azure support.
✅ Foundations & Compliance Alignment

Establish trust, standards alignment, and core scanning parity across platforms.
- Product & Compliance: SOC 2, ISO, and DORA rule bindings; map rules directly to compliance controls; enable audit-ready reporting per standard.
- Core Integrations (Parity First): Jenkins (repository reviews; Jenkinsfile and pipeline configuration analysis); Azure DevOps (Azure Repos reviews; Azure Pipelines configuration reviews).
- Artifact Ecosystem: JFrog integration; Nexus IQ integration.
- Platform Exports: Export findings to Backstage for developer visibility.
✅ Software Bill of Materials (SBOM)

Provide full supply chain visibility.
- SBOM Capabilities: Custom SBOM generation; history exploration and visualization, added and removed dependencies, etc.
✅ Workflow & Collaboration Integrations

Make findings unavoidable, actionable, and developer-friendly.
- CI/CD Feedback Loops: Automated summaries as comments in CI/CD pipelines; clear pass/fail signals with remediation context.
- Issue Tracking: Jira integration, GitHub Issues, GitLab Issues; automatic ticket creation; rule-to-ticket traceability.