Roadmap

Sigil v1.0 is live with the full CLI, Claude Code plugin, MCP server, web dashboard, and cloud threat intelligence. Here's what's coming next.

Now

Pro plan launch

Cloud threat intelligence, scan history, and web dashboard — coming soon for Pro subscribers

VS Code Marketplace listing

Install the Sigil extension directly from the VS Code Marketplace

JetBrains Marketplace listing

Install the Sigil plugin directly from the JetBrains Marketplace

Next

Comparison pages

See how Sigil compares to Snyk, Socket.dev, Semgrep, and CodeQL

Homebrew tap

brew install nomarj/tap/sigil — one command, always up to date

npm global package

npm install -g @nomark/sigil — for Node.js workflows

GitHub App

Automatic PR comments with scan results on every push

Later

Go, Rust, and Ruby support

Scan Go modules, Cargo crates, and Ruby gems

Docker / OCI image scanning

Scan container images for supply chain risks before deployment

Custom scan rules

Define your own detection rules in YAML for team-specific policies

Enterprise SSO / SAML

Single sign-on, role-based access control, and audit logs

Air-gapped deployment

Self-hosted API with offline signature packs — no external network required

SBOM generation

Export CycloneDX and SPDX software bills of materials

MCP registry scanning

Scan published MCP servers from registries before connecting

AI-assisted triage

Let an LLM explain findings and suggest fixes in plain language

Shipped

Everything delivered from v0.1.0 through v1.0.5 and Claude Code Plugin v1.0.1.

Sigil v1.0 public release

Open-source CLI with six-phase scanner, multi-platform binaries (macOS, Linux, Windows), Homebrew, npm, Cargo, curl installer

Claude Code Plugin v1.0.1

4 slash commands, @security-auditor and @quarantine-manager agents, auto-scan hooks

Documentation site

CLI reference, Claude Code Plugin guide, MCP guide, CI/CD guides, configuration, troubleshooting

Eight-phase CLI scanner

Install hooks, code patterns, network/exfil, credentials, obfuscation, provenance, prompt injection, AI skill security

Prompt injection detection

AI skill malware, jailbreak attempts, markdown-based RCE, social engineering patterns

Quarantine-first workflow

Clone, pip install, npm install, scan, fetch — nothing runs until you approve it

Shell aliases and git hooks

gclone, safepip, safenpm aliases and pre-commit hook scanning

External scanner integration

Run semgrep, bandit, trufflehog, safety, and npm audit alongside Sigil

Cloud threat intelligence

Hash lookups, publisher reputation, 55 detection signatures, 4,700+ known threats

Threat intelligence dashboard

Browse signatures, known threats, community votes, campaign tracking

MCP server

6 tools + 1 resource so AI agents can scan before they install

Web dashboard

Scan history, team management, threat intel browser, billing

FastAPI cloud backend

10 API routers, PostgreSQL, Redis, JWT auth, Stripe billing

Team management

Scan policies, auto-approve thresholds, allowlist/blocklist, invite members, roles

Alert channels

Get notified via Slack, email, or webhook when high-risk scans complete

CI/CD integration

GitHub Actions, GitLab CI, SARIF output, Docker builds

VS Code extension

Scan your workspace, files, selections, and packages from the editor

JetBrains plugin

IntelliJ, PyCharm, WebStorm — scan from your IDE

Blog

8 posts covering supply chain security, AI agent threats, and MCP safety

Autonomous threat bot

Continuously monitors PyPI, npm, GitHub, and OpenClaw for malicious packages