Changelog

Monthly product updates from the Superagent team.

July 2026

Product

Findings kanban and search

Triage findings from a kanban board, group work by severity or repository, and find the right issues faster with qualifier search.

Superagent now gives findings a more focused workspace for reviewing, prioritizing, and resolving security work.

Kanban triage

Findings are organized into a board so teams can move issues from new to review to resolved without losing context.

Severity and repository grouping

The board can group findings by severity, repository, or both, making it easier to see the riskiest work and route it to the right owners.

Qualifier search

Search now supports free text plus qualifiers like status, risk, source, resolution, and repo, with active findings shown by default.

July 2026

Product

Notification settings

Follow contributor flags, findings, triage results, and accepted risks from a dedicated notification feed.

Superagent now gives teams a dedicated notifications feed for important security and contributor activity.

Activity inbox

The new feed groups notifications by day and starts with unread updates so teams can quickly catch up.

Finding and contributor context

Notifications include context for findings, repositories, contributors, and pull requests so each update is easier to act on.

Email preferences

Users can choose which notification types should also be delivered by email.

Sidebar visibility

Unread counts now appear in the app sidebar, keeping important updates visible while teams work.

July 2026

Product

Contributor scan algorithm upgrades

Scan contributor history with broader PR evidence, parallel sandbox investigators, patch-level safety guards, and warmer cached checks.

Superagent now reviews more contributor history before assigning trust, with deeper PR evidence and faster cached checks.

Broader history evidence

The scan ranks recent authored pull requests by risk and hydrates the most useful examples with patch and review context.

Parallel sandbox investigators

Larger contributor histories can be split across isolated investigators, then merged into one contributor verdict.

Patch-level safety guardrails

Safe results now require concrete patch-level evidence, with weak or metadata-only reviews downgraded automatically.

Faster checks for active contributors

Contributor trust scans are cached and warmed after PR activity so follow-up checks are faster.

June 2026

Product

Deep Contributor Credit Score

Assess contributor trust with hydrated historical PR analysis, CLA status, organization context, and patch-level safety signals.

Superagent now gives security and platform teams a deeper way to understand who is contributing code. Deep Contributor Credit Score analyzes contributor history, repository context, and patch-level evidence to produce an explainable trust signal before a pull request reaches production.

Hydrated contributor history

The score reviews hydrated historical pull requests for the contributor, looking across performance optimization work, cross-repository patterns, internal product features, safety infrastructure, and other high-signal code paths. This gives reviewers more context than the current diff alone can provide.

Explainable trust signals

Each score includes the evidence behind the result: CLA status, last activity, organization alignment, issue linkage, omitted evidence, and confidence levels for patch-level review. Teams can see why a contributor is trusted, suspicious, or needs additional review without reverse-engineering a black-box verdict.

Patch-level safety review

Contributor scoring is combined with patch-level inspection for risky behavior such as credential access, hidden network calls, dependency abuse, permission broadening, or suspicious code paths. The result is a focused review workflow that helps teams distinguish trusted collaboration from changes that need deeper investigation.

May 2026

Product

GitHub-native repository protection

Configure repositories, run adversarial tests on GitHub events, manage CLAs, and triage security advisories from one place.

Superagent now meets your team where work already happens: on GitHub. This release connects repository configuration, automated adversarial testing, CLA management, and advisory triage into a single workflow, so you can ship faster without trading off security review.

Configure repositories

Choose which repositories Superagent protects, set scan and policy preferences per repo, and keep ownership clear across your organization. Onboarding is straightforward: connect GitHub, pick the repos that matter, and your team gets a consistent baseline before code or agents reach production.

Adversarial tests on GitHub events

Trigger adversarial tests automatically from GitHub events, such as pull requests and pushes, so risky changes are challenged before they merge. Tests run in the background against your configured policies, surfacing failures and findings where developers already review code.

Create and manage CLAs

Create and manage Contributor License Agreements without leaving Superagent. Define agreement templates, track contributor status, and keep open-source contribution workflows compliant as your projects and policies evolve.

Triage GitHub advisories automatically

Incoming GitHub security advisories are triaged automatically: Superagent assesses severity and relevance, groups related signals, and helps your team focus on what needs action now versus what can wait. Less manual sorting, faster response when a dependency or repo is at risk.