Changelog
What is live, and what is next.
The free public code scanner is live today. The rest of the platform is on the way — see the roadmap below.
Free public code scanner is live
- Paste a public Git repository URL and get a full report with no login and no signup — the only live product today.
- A 12-tool scan pipeline runs static analysis (SAST), secret detection, dependency and container CVE checks, and infrastructure-as-code scanning in one pass.
- Findings are grouped by category and severity so you can triage quickly and share a result link.
- Everything beyond the public scanner — private-repo scanning and the rest of the platform — is account-gated and on the way. See the roadmap below.
On the roadmap
These capabilities are planned, not yet shipped. They will be available behind an account when they land. Dates are not committed.
- Accounts & private-repo scanning — Sign in to scan your private repositories, keep a history of results, and re-run scans on demand.
- Dashboards & trends — Track findings over time across your projects, see what is improving, and surface what needs attention.
- Policy gates in CI — Define policy rules and fail a build or pull request when a scan crosses your thresholds, so issues are caught before merge.
- SBOM & provenance — Generate a software bill of materials for each scan and view build provenance and signature verification for what you ship.
- SSO & audit log — Team workspaces with single sign-on, role-based access, and a per-workspace audit log of who did what and when.
- SIEM export — Stream scan results and audit events into your own security tooling through a stable, documented export.