DevGuard Roadmap
Open-source vulnerability management evolving towards a stable 1.0 release
Version 1.0.0 Stable Release
Status: In Progress | Target: Q1 2026
DevGuard is leaving beta. Our stable release marks a significant milestone in providing robust, production-ready vulnerability management for the open-source community.
FOSDEM 2026 Presentation
We’ll be presenting DevGuard at FOSDEM 2026 in the “Building Europe’s Public Digital Infrastructure” Devroom, hosted by the German Center for Digital Sovereignty (ZenDiS). Our talk will showcase DevGuard’s role in securing government infrastructure and integration with the secure government container initiative at container.gov.de.
Interactive Documentation Tools
Status: Coming Soon | Target: Next Few Weeks
New documentation subpages will provide interactive testing interfaces directly on this site:
- Vulnerability Database Lookup — Test packages against our aggregated vuln DB
- Package Intelligence Explorer — Licenses, OpenSSF Scorecard insights
- Dependency Proxy Firewall Testing UI — Experiment with firewall policies
Automated NPM VEXing
Status: Coming Soon | Target: Q2 2026
A major advancement in vulnerability assessment automation using reachability analysis to automatically perform the “affected?” assessment for npm packages.
Key Benefits:
- Automated reachability analysis for npm ecosystem
- Up to 70% reduction in manual assessment tasks
- Scientifically validated
MCP Server Prototype
Status: Planned | Target: Q2/Q3 2026
Exploring AI integration through a Model Context Protocol server, enabling AI assistants to query project status and vulnerability data directly from DevGuard.
- Project vulnerability insights via AI interfaces
- Real-time security status queries
- Experimental validation of AI-assisted security workflows
Dependency Proxy Firewall Enhancements
Status: Planned | Target: 2026
Building on our released Dependency Proxy Firewall with enhanced customization and improved policy controls:
- Advanced policy configuration
- Custom rule definitions
Vulnerability Assessment Sharing
Status: Planned | Target: 2026
A collaborative security feature enabling DevGuard users to share assessment details for vulnerable dependency subpaths, built with privacy and trust at its core:
- Anonymized assessment sharing
- Trust score transparency
- Measures to prevent misuse
- Community-driven vulnerability intelligence
DevGuard SaaS
Status: Planned | Target: 2026
Launch of our hosted service, bringing DevGuard capabilities to teams who prefer a managed solution without infrastructure overhead.
Get Involved
Want to contribute or stay updated?