The SecureStack team has been working on this release for months as we were introducing several new concepts which meant we had to rearchitect many parts of the platform. But most importantly we are introducing several new pieces of functionality in this release.

Role-based access control

The first of these new features is our new Organizations functionality which allows you to create a SecureStack Organization and share access to that Org with your teammates, partners, and compliance bodies. Initially, the Organization functionality will allow the creation of users with 3 roles: Owner, Admin, and User. However, over the next two months, we will introduce even more granularity around access controls. As an example, we want you to be able to share just the compliance report for one application with an auditor or partner and not the whole application.

Software bill of materials (SBOM)

We’ve been working on this feature for a long time and this feature is incredibly important to us. The reason it’s so important is that we don’t believe that the SBOM tools that exist today are giving customers what they really need, which is a comprehensive “ingredients list” of their software. Instead, existing tools focus on showing customers *some* of the open-source libraries that they are using in their applications. Unfortunately, that’s like showing someone a wheel when they really want to see the whole car: its just a small part of a larger, more complex thing.

Continuous Compliance

SecureStack is the first platform to provide its customers with real-time compliance reporting on their software development lifecycle (SDLC). Every time your CI/CD pipeline is run we take a snapshot of the application’s compliance exposure. SecureStack can map your SDLC to ISO27001, SOC2, CIS and the Australian ISM.