NewN-Day-BenchLearn more
winfunc

CHANGELOG

What's new

The latest features, improvements, and updates to winfunc.

April 2026

N-Day-Bench

  • Public monthly benchmark measuring LLM vulnerability discovery across 1,000+ advisories
  • Open methodology with Curator, Finder, and Judge agent evaluation framework
Earlier

Software Composition Analysis

  • Detect vulnerable dependencies alongside SAST findings
  • Improved rendering for dependency vulnerability reports
  • Real-time event streaming for scan progress

AI Triager & Repository Rules

  • New agent that triages vulnerabilities and answers security questions in context
  • Customize agent behavior per-repository with configurable rule sets
  • Quick scan mode for faster, targeted scans

Secrets Detection

  • High-precision detection of API keys, tokens, passwords, and certificates in code and config files
  • Covers environment variables, hardcoded credentials, and private keys

API Security

  • Deep analysis of REST, GraphQL, and gRPC endpoints
  • Detects IDOR, broken authentication, missing rate limits, and injection vectors

Enterprise Controls

  • SSO/SAML support and role-based access management
  • Self-hosted deployment option with zero data retention
  • Repository-level access controls for admins

CI Integration & PR Security

  • Native pipeline integration for GitHub Actions, GitLab CI, Jenkins, and more
  • Scan every pull request with incremental diff-based analysis
  • Blocking gates, SARIF output, and inline PR comments

Custom Scan Rules

  • Configure focus and reporting rules to guide the AI agent’s analysis
  • Tailor scans to your security requirements and compliance needs

Real-Time Scanning

  • See findings as they’re discovered, not just after scan completion
  • Cancel running scans that are no longer needed
  • Scan job approval workflow

Function-Level Analysis

  • Deep code comprehension with reachability analysis and taint tracking
  • Complexity metrics and cross-reference mapping for every function

Analytics & Threat Hunter

  • Security score calculations, trend tracking, and token usage metrics
  • Specialized AI agent for deep vulnerability analysis
  • Query threats by specific file paths

Scanning Infrastructure

  • Background scan workers for reliable, scalable job execution
  • Directory ignore rules for repository analysis
  • Database connection pooling for improved performance

GitHub Integration

  • Connect repositories via GitHub App for seamless scanning
  • Streamlined OAuth authentication
  • Manual and automatic installation linking

Initial Release

  • AI-powered SAST with confidence scoring and complexity metrics
  • Enhanced context around vulnerable code paths
  • Real-time scan progress tracking and notifications
  • Vulnerability filtering, search, and navigation