Our Roadmap
What we've built, what we're building, and where we're headed.
Deep Scanning Engine
Automated analysis across your external attack surface: subdomain discovery, port scanning, vulnerability detection, SSL/TLS checks, security headers, web tech profiling, JS dependency scanning, and WAF detection.
Email Security Scanner
SPF, DKIM, DMARC, and DNS zone transfer checks for your domains. Catch email spoofing risks before attackers do.
On-Demand Scanning
Trigger a scan manually at any time. Verify a fix immediately, respond to a change in your environment, or rescan before sharing your certificate.
AI-Powered Fix Suggestions
Every finding comes with plain-English remediation: what's wrong, why it matters, and exactly how to fix it.
Security Score & Trends
One number that tells you where you stand. Track improvements over time and show progress to stakeholders.
Business Impact Descriptions
Every finding explains the real-world business impact — why it matters for procurement, compliance, and customer trust.
OWASP Top 10 Mapping
Findings mapped to OWASP Top 10 categories with exploitability signals. See which industry standards each issue relates to.
Knowledge Base
Public security guidance for every finding type. Business impact and technical remediation in one place — written for your team and indexed for buyers checking your stack.
Shareable Security Reports
Receive a security report about your company? Claim your profile and start monitoring for free.
Full Dashboard & Reports
Asset management, scan history with side-by-side comparison, and detailed reports that make sense to non-security people.
Security Certificates
Shareable security certificates that answer procurement questions in one link. Send proof, not promises.
Annual Billing & Plan Limits
Save with annual plans. Asset limits and scan frequency tiers that give Pro users more control.
Slack & Teams Alerts
Get security updates where your team already works. No more checking dashboards manually.
Rescan Single Asset
Rescan one domain after a fix without waiting for the next full org scan. Close the fix-and-verify loop in minutes, not days.
Subdomain Takeover Detection
Detect dangling DNS records that could let attackers hijack your subdomains on AWS, Azure, GitHub Pages, and more.
NIS2 Technical Gap Assessment
See which NIS2 technical requirements your scans already cover and where the gaps are. One page, no jargon, ready to share with management.
WordPress & CMS Plugin Detection
Detect known vulnerabilities in WordPress plugins, themes, and CMS installations — the most common attack surface for SME websites.
Jira & Linear Issue Sync
Push critical findings directly to your project tracker as actionable issues. No copy-pasting, no lost tickets.
Authenticated App Checks
Test logged-in areas with scoped test credentials. Detect broken auth flows, exposed admin paths, weak session controls, and common API issues that unauthenticated scans cannot reach.
API Security Scanning
Scan customer-provided OpenAPI or Swagger specs with scoped credentials. Check for exposed documentation, weak auth, common API misconfigurations, and high-signal OWASP API risks.
API Exposure Detection
Detect publicly accessible API documentation, debug endpoints, and CORS misconfigurations before attackers find them.
Cyber Insurance Evidence Pack
Pre-packaged security evidence formatted for cyber insurance applications. Show underwriters your posture and potentially lower your premiums.
Industry Benchmarking
See how your security score compares to similar companies in your sector. Know if you are ahead or behind without hiring a consultant.
Business Tier
Multi-user access, priority scanning, extended history, and team reporting for growing companies with a small security-aware team.