Manage your third-party risk end to end, right inside devguard. You can now maintain a complete vendor register — classifying each supplier by criticality tier (Critical, High, Medium, Low), assigning an owner, and tracking the details that matter for compliance. From there, run point-in-time vendor assessments that capture findings, recommendations, and an overall risk rating, then set a recurring reassessment cadence so reviews happen on schedule instead of slipping through the cracks.

Best of all, vendors plug straight into your compliance picture: link them as evidence against the controls they help satisfy across any framework you've adopted (SOC 2, ISO 27001, NIS2, DORA, and more). Third-party risk is now a first-class part of demonstrating coverage — no spreadsheets, no separate tool. Available to all organizations today.

• Added Vendors management and their Risk Assessment.

• Optimized review pagination with database-level sorting for better results.
• Fixed several UI issues.

We've completely rebuilt how integrations work in devguard. Connecting your tools, GitHub, Jira, and Slack, is now faster, more consistent, and comes with clear setup guidance every step of the way. No matter which tool you're connecting, the experience feels the same.

This redesign also lays the groundwork for what's next. GitLab, Linear, Asana, and more are on the way — and they'll arrive much faster now. If you're already connected, nothing changes on your end — things just work better under the hood.

• Added additional instructions to the integrations.
• Added information which integrations are coming soon.
• Improved existing integrations and use updated API endpoints.

• Added the capability to add a reference to another policy or sub-section via the ":" (colon) command in the editor.
• Added a quick-menu to lists to switch between bullet and numbered lists.
• You can now define header rows and columns in tables in the editor, resize them freely and fixed the context menu not showing up.
• We changed the priority calculation for the CIA triad from average to max according to the ISO 27005 standard.
• Improved the search to easily find content inside policies or mapped controls.
• Ensure ownership can only be transferred to other organization admins.
• Fixed table renderings in PDFs.

• Added partnership with "Swiss Made Software".
• Improved organization creation process.
• Improved empty state when mapping controls or actions.
• Fixed an issue where the organization wasn't showing up when accepting an invite.
• Fixed framework selection from changing position.

Controls can now be linked across frameworks, automatically connecting overlapping requirements between standards. When you enable a new framework, any controls that share requirements with your existing frameworks are automatically recognized, providing immediate coverage without duplicating effort.

This makes multi-framework compliance significantly faster. For example, if you've already implemented ISO 27001 controls, enabling GDPR will automatically map shared controls, so your existing coverage carries over immediately. Focus your time on closing gaps, not re-documenting what you've already done.

• Added control matching between different frameworks.
• Added control links to the control list.
• Added linked controls to policies.
• Added control coverage calculations for controls in linked frameworks.
• Added inline creation for linked collections and roles.
• Fixed styling issues in our documentation.
• Fixed links in emails to have a consistent style.
• Fixed the frameworks page jumping when loading entries.
• Fixed rendering of protected routes when a user has no organization and added proper redirect.

• The menu for creating new sections before, after, or removing them now collapses properly on smaller screens.
• You can now easily download two-factor authentication codes from the user interface.
• We now display the correct subscription price when discounts are applied.
• Improved error messages across several sections.
• Fixed an issue where free trial reminders were not sent to organizations without a subscription.
• Fixed positioning of tooltips within the user interface.
• Fixed days display in trial expiration reminder.
• Fixed an issue that caused the API docs to crash on certain actions.
• Fixed several hydration issues when loading pages.