What’s actually shipped.

A running record of what's landed in ScanPosture, newest first. No roadmap items, no maybes, only changes that are live in the product.

12 releases loggedStatus feed available

May 2026

2 releases

12 May 2026Product

v3.0.0, Unified portal + self-serve trial

The biggest release of the year. Three customer-facing changes: (1) Unified portal, Direct customers and MSP partners now share the same portal shell, dashboard renderer, settings, reports and audit trail. One product, one render path, scoped per role. (2) Self-serve trial, sign up directly via Microsoft OAuth at app.scanposture.com/signup. UK data residency acknowledged before sign-up; tenant + 28-day trial provisioned atomically; admin-consent flow with rate-limited email helper for non-Global-Admin signups; first scan auto-runs the moment consent is granted. (3) Trial mechanics, 28-day trial with four reminder emails (Day 14 / 21 / 26 / 28), trial-end → read-only mode (writes return 402, reads stay open), one-click Stripe activation pre-filled with your real Entra user count, 30-day data grace period after expiry. See /docs/getting-started for the new flow and /trial for the mechanics.

08 May 2026Reports

8 framework readiness views, NIST split + CAF added

NIST CSF 2.0 and NIST SP 800-53 Rev 5 are now first-class separate readiness views (they are different publications, CSF is outcome/function-based, SP 800-53 is a control catalogue), and NCSC CAF 4.0 joined as a UK sector-framework view. Eight readiness views in total: Cyber Essentials, ISO 27001:2022, GDPR Article 32, NIST CSF 2.0, NIST SP 800-53 Rev 5, CIS Controls v8.1, SOC 2 and NCSC CAF 4.0.

April 2026

6 releases

25 Apr 2026Trust

Security and sub-processors pages

Two new pages dedicated to procurement and SecOps reviews: /security publishes the four pillars (UK residency, read-only, verified publisher, UK company), eight technical-control areas, the framework readiness vs certification split, and a coordinated-disclosure process at security@scanposture.com. /sub-processors lists every vendor with purpose, data category and processing region, grouped by region.

25 Apr 2026Status

status.scanposture.com launched

A dedicated public status subdomain. Live operational status with a hero card, monitored-services grid, 30-day uptime history, incident timeline, and email + Atom subscriptions for incident notifications. Browser tab title reflects current overall status (✓ / ⚠ / ✕).

24 Apr 2026Platform

UK data migration, London region

All customer data now stored in our Supabase region in London. Application traffic and email delivery routed through UK / EU infrastructure end-to-end. No US round-trip and no replica outside the United Kingdom.

24 Apr 2026Product

Demo deployment isolation + UK demo project

A dedicated demo Supabase project in London powers the public demo at demo.scanposture.com. Demo trial signup is now blocked at three layers (link, page redirect, API) and routes prospects to the live signup on app.scanposture.com.

22 Apr 2026Reports

External-assessor evidence audience added

Reports now explicitly support the external-assessor audience: framework readiness views map onto Cyber Essentials, ISO 27001, GDPR Article 32, NIST CSF, CIS Controls and SOC 2 evidence requests during third-party assessments.

18 Apr 2026Product

Premium login experience

Login screen rebuilt with proof cards (continuous monitoring, drift detection, prioritised actions, framework readiness), MSP white-label support, and an MFA-first session flow.

March 2026

4 releases

30 Mar 2026Platform

201 read-only checks across 9 weighted security domains

The check registry now totals 201 unique checks, evaluated across nine weighted security domains: Identity & Authentication, Privileged Access, Conditional Access & Policy Enforcement, Account Lifecycle & Governance, Application & Non-Human Identity Security, Data Access & Collaboration Security, Monitoring / Drift / Posture, Logging & Audit, and Device Security.

25 Mar 2026Reports

6 framework readiness views

Findings now map onto six compliance frameworks: Cyber Essentials, ISO 27001, GDPR Article 32, NIST CSF, CIS Controls and SOC 2. Each view is a readiness lens, not certification.

20 Mar 2026Product

AI-generated executive summaries + per-finding helper

Every completed scan gets an AI-generated executive summary. Individual findings have an "Explain this finding" + AI remediation helper. Both are clearly labelled as AI-generated and sit alongside the step-by-step Microsoft-sourced remediation guides.

15 Mar 2026MSP

Dedicated MSP portal with role-based access

Fleet-wide visibility across managed customer tenants, role-based access (MSP admin, MSP analyst, customer admin, customer viewer), MSP branding on customer-facing reports where enabled, per-customer drill-down from the fleet view.

Want incident notifications instead of feature updates? Subscribe on the status page , email or Atom.