Skip to main content

Changelog

Product updates, new features, and improvements.

Early AccessJune 2026

ProvenanceOS Early Access

ProvenanceOS is rolling out authenticated scan intake first, then worker-backed AI-origin scoring, dependency lineage, policy evaluation, and audit-ready reports. The groups below reflect what is shipped today versus rolling out or planned.

Shipped1 item
  • Scan intake

    Authenticated upload and repository-URL scan intake is live now; scans queue as durable jobs.

Rolling out3 items
  • AI-origin detection (all 47 signal types)

    AI-origin scoring, stylometric evidence, and explainable confidence reports are rolling out behind the queued analysis workflow.

  • Policy engine (log & warn actions)

    Define provenance rules for review today; automated log and warn actions are rolling out behind the queued analysis workflow.

  • SOC 2 compliance reports

    Audit-ready compliance reports are rolling out in phases alongside generated analysis results.

Planned10 items
  • Dependency lineage mapping (npm, PyPI, Maven)

    Repository and archive scan requests are tracked now; transitive npm/PyPI/Maven lineage graphs are scheduled for the analysis-worker phase.

  • Policy engine (block & require-review actions)

    Automated block and require-review enforcement is planned for the worker-backed policy phase.

  • EU AI Act & GDPR compliance reports

    EU AI Act and GDPR reporting is planned for a future compliance-reporting phase.

  • SBOM generation & validation

    SBOM generation and validation is planned for a future analysis-worker phase.

  • SLSA Level 3 provenance attestation

    SLSA Level 3 provenance attestation is planned for a future phase.

  • SSO / SAML (Okta, Azure AD, Google)

    SSO/SAML is planned for a future enterprise phase.

  • HIPAA compliance reports

    HIPAA compliance reporting is planned for a future phase.

  • Slack & webhook integrations

    Slack and webhook integrations are planned for a future phase.

  • Real-time monitoring & drift detection

    Webhook-driven ingestion, drift detection, and alerting are planned for a future phase.

  • Enterprise deployment (SCIM, log streaming, single-tenant VPC)

    SCIM provisioning, audit log streaming, and single-tenant VPC deployment are planned for a future enterprise phase.

We value your privacy

We use cookies to enhance your browsing experience, serve personalized content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Learn more