REAEGIS
Sign inRequest a demo
Changelog

Changelog

Only major platform changes are listed. Bug fixes, performance improvements, and UI tweaks are not included unless they changed user-visible behavior.

v1.5 — June 2026

Added

  • Autonomous Remediation Engine (ARE): 11-step pipeline that reads source code, writes patches with claude-opus-4-8, builds, and verifies fixes through 3 scanner passes before creating a CCB change request. See ARE documentation.

  • Compliance Intelligence Command Center: 6 live modules in a single dashboard: SPRS Score, FedRAMP 20x KSI, Pentest (CA-8), Subcontractor Portal, NIST 800-171 Rev 3 Transition, AI Governance Assessment.

  • FedRAMP 20x KSI Dashboard: 61 KSI auto-validation with Cosign-signed OSCAL output. Satisfies the machine-readable evidence requirement of RFC-0024 (opens in a new tab) (September 30, 2026 deadline). See KSI documentation.

  • SPRS Score Calculator: Live computation from 110 NIST 800-171 Rev 2 practice implementations. Includes gap-to-88 remediation path. See SPRS documentation.

  • AI Governance Assessment: Regulatory risk scoring for AI tools in use under OMB M-24-10, M-25-21, M-26-04, NIST AI RMF, CMMC, and FedRAMP. Flags FCA exposure when contractors certify CMMC compliance while using non-compliant AI tools handling CUI.

  • Multi-SCM Adapter: Azure DevOps, GitLab, and Bitbucket support alongside the existing GitHub App. See Integrations.

  • IaC and Container Security (Checkov + Trivy): 154+ IaC check-to-NIST mappings. Replaced Snyk as the primary IaC/container scanner. Added as ARE Scanner 6 and Scanner 7.

  • Privacy Controls (PT family): Full PT-1 through PT-8 attestation workflow with SAOP approval chain and PII inventory.

  • CMMC Scoping Wizard: 7-step guided assessment at reaegis.com/cmmc (opens in a new tab). No account required. 134-practice CMMC catalog across 14 domains.

  • Network Diagram: Auto-generated topology diagram from real system data. SVG export with Cosign signing. Manual editing with version history.

  • Document Generation: 40 federal document templates. SSP (PDF), POA&M (Excel), and ConMon packages generated from live evidence data.

  • eMASS Integration: Three-tier: CSV for NIPRNet, self-hosted agent for IL4/IL5, REST for SIPRNet. POA&M export with classification markings.

  • SonarQube / SonarCloud Adapter: 399 rule-to-NIST mappings. Hotspot review routes to CCB.

  • ACAS / Nessus Adapter: Parses Tenable XML, deduplicates against existing findings, enforces IAVA compliance timeline.

  • NIST 800-171 Rev 3 Transition Analysis: 98 active Rev 3 requirements plus 88 Organization-Defined Parameters (23 DoD-defined). Delta engine and crosswalk dashboard.

  • Subcontractor Compliance Portal: DFARS 252.204-7021-compliant portal where CUI-handling subcontractors attest 110 NIST 800-171 practices and compute their SPRS score. Cosign-signed attestations.

  • Pentest Findings (CA-8): AI-assisted PDF parser maps pentest findings to NIST controls. Integrated with CCB.

Changed

  • RAMPART evaluation pipeline: 9 gates (IMAGE_DIGEST, VULNERABILITY, SBOM_ATTESTATION, STIG_BASELINE, BRANCH_POLICY, CHANGE_CONTROL, SECRETS_SCAN, IAC_COMPLIANCE, SLSA_PROVENANCE).

  • ARE uses claude-opus-4-8 exclusively. No fallback to lower-capability models. The model constant is enforced in source.

  • All dual-PR routing now uses ECDSA signing on vault PRs for tamper detection.

Deprecated / Removed

  • Snyk integration replaced by Checkov + Trivy. Snyk tables removed from schema.

v1.0 — February 2026

Added

  • Initial platform release
  • RAMPART 9-gate evaluation pipeline
  • ADVERSARIUS AI remediation analysis
  • AXIOM OPA policy engine with 15 Rego policies (CM, SI, SR, SA, AC, RA)
  • PHAROS continuous monitoring (daily/weekly/monthly jobs)
  • CHRONICLE Cosign + Rekor audit anchoring
  • GitHub App integration
  • 250 NIST SP 800-53 Rev 5 controls seeded
  • FedRAMP Rev 4 (604 controls)
  • OnBoarding 5-step wizard
  • Approval workflow with Slack/email/in-app notifications
  • Evidence Vault with OSCAL viewer
  • SSP Editor with AI narrative drafting
  • Change Control Board (CCB) — Change Requests from remediation plans
  • Jira bidirectional sync (POA&M and Change Requests)
  • eMASS Tier 1 (CSV export)
  • Supply chain: 7 Kyverno policies, Renovate config
  • SBOM management with CycloneDX
  • Tenant lifecycle: onboarding agreements, offboarding executor, archive/restore
GitHub