DevGuard Roadmap#

Open-source vulnerability management evolving towards a stable 1.0 release

Version 1.0.0 Stable Release#

DevGuard is leaving beta. Our stable release marks a significant milestone in providing robust, production-ready vulnerability management for the open-source community.

FOSDEM 2026 Presentation

We'll be presenting DevGuard at FOSDEM 2026 in the "Building Europe's Public Digital Infrastructure" Devroom, hosted by the German Center for Digital Sovereignty (ZenDiS). Our talk will showcase DevGuard's role in securing government infrastructure and integration with the secure government container initiative at container.gov.de.

Interactive Documentation Tools#

New documentation subpages will provide interactive testing interfaces directly on this site:

• Vulnerability Database Lookup — Test packages against our aggregated vuln DB
• Package Intelligence Explorer — Licenses, OpenSSF Scorecard insights
• Dependency Proxy Firewall Testing UI — Experiment with firewall policies

Automated NPM VEXing#

A major advancement in vulnerability assessment automation using reachability analysis to automatically perform the "affected?" assessment for npm packages.

Key Benefits:

• Automated reachability analysis for npm ecosystem
• Up to 70% reduction in manual assessment tasks
• Scientifically validated

MCP Server Prototype#

Exploring AI integration through a Model Context Protocol server, enabling AI assistants to query project status and vulnerability data directly from DevGuard.

• Project vulnerability insights via AI interfaces
• Real-time security status queries
• Experimental validation of AI-assisted security workflows

Dependency Proxy Firewall Enhancements#

Building on our released Dependency Proxy Firewall with enhanced customization and improved policy controls:

• Advanced policy configuration
• Custom rule definitions

Vulnerability Assessment Sharing#

A collaborative security feature enabling DevGuard users to share assessment details for vulnerable dependency subpaths, built with privacy and trust at its core:

• Anonymized assessment sharing
• Trust score transparency
• Measures to prevent misuse
• Community-driven vulnerability intelligence

DevGuard SaaS#

Launch of our hosted service, bringing DevGuard capabilities to teams who prefer a managed solution without infrastructure overhead.

Get Involved#

Want to contribute or stay updated?

• View on GitHub
• Join Discussions