[SSCA-3501] Update SSCA Roadmap for FY26 Q1

src/components/Roadmap/data/sscaData.ts

@@ -7,12 +7,12 @@ export const SscaData: Horizon = {
       {
         tag: [],
         title: "Repo Security Posture Management for GitHub",
-        description: "Identify misconfigurations in source code repositories based on industry standards such as CIS and OWASP Top 10 CI/CD Security Risks. Also, includes support for SBOM generation and security tests such as SAST, SCA, and secrets scanning.",
+        description: "Identify misconfigurations in source code repositories based on industry standards such as CIS v1.0 and OWASP Top 10 CI/CD Security Risks. Also, includes support for SBOM generation and security tests such as SAST, SCA, and secrets scanning.",
       },
       {
         tag: [],
         title: "Artifact Chain of Custody",
-        description: "Auditors can now review an artifact chain of custody - a comprehensive audit trail that serves as a ledger for every artifact built and deployed in a CI/CD pipeline.",
+        description: "Auditors can now review an artifact chain of custody - a comprehensive audit trail for auditors that serves as a ledger for every artifact built and deployed in a CI/CD pipeline.",
       },
       {
         tag: [],
@@ -26,79 +26,73 @@ export const SscaData: Horizon = {
       },
       {
         tag: [],
-        title: "HashiCorp Vault Support",
-        description: "Leverage keys from HashiCorp Vault to attest and verify the build provenance.",
+        title: "SBOM & SLSA support with GitHub Actions",
+        description: "Generate SBOM and achieve SLSA compliance using GitHub Actions for artifacts built in GitHub.",
+      },
+      {
+        tag: [],
+        title: "Artifact Signing and Verification",
+        description: "Ensure built artifact is not tampered before deployment.",
+      },
+      {
+        tag: [],
+        title: "Report Generation",
+        description: "Generate comprehensive license reports detailing the licenses associated with artifacts.",
       },
     ],
   },
   "Now": {
-    description: "Q4 2024, Nov 2024 - Jan 2025",
+    description: "Q1 2025, Feb 2025 - April 2025",
     feature: [
       {
         tag: [],
-        title: "Repo Security Posture Management for Harness Code",
-        description: "Identify misconfigurations in source code repositories based on industry standards such as CIS and OWASP Top 10 CI/CD Risk. Also, includes support for SBOM generation and security tests such as SAST, SCA, and secrets scanning.",
+        title: "Non-Container based Artifact Signing & Verification",
+        description: "Support for signing and verification for non-containerized artifacts like helm charts, manifest files, JARs, WARs, etc.",
       },
-
       {
         tag: [],
-        title: "SBOM & SLSA support with GitHub Actions",
-        description: "Generate SBOM and achieve SLSA compliance using GitHub Actions for artifacts built in GitHub.",
+        title: "Artifact Chain of Custody v2",
+        description: "Enhanced audit trail that seamlessly integrates all pipeline events at an account level, spanning from source code to deployment.",
       },
       {
         tag: [],
-        title: "Artifact Signing and Verification",
-        description: "Ensure built artifact is not tampered before deployment.",
+        title: "Repo Security Posture Management for Harness Code",
+        description: "Identify misconfigurations in source code repositories based on industry standards such as CIS v1.0 and OWASP Top 10 CI/CD Risk. Also, includes support for SBOM generation and security tests such as SAST, SCA, and secrets scanning.",
       },
       {
         tag: [],
-        title: "SBOM API Support",
-        description: "Enable SBOM download APIs for repos and artifacts.",
+        title: "OWASP OSS Top 10 Risks",
+        description: "Visibility into open source risks across built artifacts using SBOMs.",
       },
       {
         tag: [],
         title: "SLSA Policies",
-        description: "Out of the box policies to ensure compliance with Level 1, Level 2, and Level 3 requirements.",
+        description: "Out-of-the-box policies to ensure compliance with Level 1, Level 2, and Level 3 requirements.",
       },
       {
         tag: [],
-        title: "Licensing Policies",
-        description: "Out of the box open source policies to check for non-compliant licenses in dependencies.",
-      },
-      {
-        tag: [],
-        title: "Report Generation",
-        description: "Generate and download reports based on compliance standards such as CIS, and OWASP Top 10 CI/CD Security Risks",
+        title: "Bulk Onboarding",
+        description: "Allow users to bulk onboard GitHub repos across org and accounts via API.",
       },
       {
         tag: [],
-        title: "Bulk Onboarding",
-        description: "Allow users to bulk onboard GitHub repos across org and accounts via API",
+        title: "SBOM API Support",
+        description: "Enable SBOM download APIs for repos and artifacts.",
       },
     ],
   },
   "Next": {
-    description: "Q1 2025, Feb - April 2025",
+    description: "Q2 2025, May - July 2025",
     feature: [
       {
         tag: [],
-        title: "Artifact Chain of Custody V2",
-        description: "Enhanced audit trail that seamlessly integrates all pipeline events at an account level, spanning from source code to deployment.",
-      },     
-      {
-        tag: [],
-        title: "OSS Top 10 Risks",
-        description: "Visibility into open source risks across built artifacts using SBOMs.",
-      },
-      {
-        tag: [],
-        title: "OSS Top 10 Policies",
-        description: "Out of the box policies to identify risks in open source dependencies based on OSS Top 10 Risks.",
+        title: "Cosign AWS Support",
+        description: "Leverage keys from AWS KMS to sign and verify artifacts.",
       },
       {
         tag: [],
-        title: "UX Enhancements",
-        description: "Improving search, filtering across product pages and overall user experience.",
+        title: "Global Level View",
+        description: "Gain complete visibility into all artifact and code repositories across projects, along with their associated findings, in a unified account-level view.",
       },
       {
         tag: [],
@@ -107,43 +101,53 @@ export const SscaData: Horizon = {
       },
       {
         tag: [],
-        title: "CI/CD Security for Jenkins",
-        description: "Perform static analysis to detect risks and misconfigurations in Jenkins pipelines.",
+        title: "Support for Gitlab & Bitbucket",
+        description: "Complete support for GitLab and Bitbucket, allowing users to onboard repositories and perform configuration checks, SBOM generation, and security scans.",
       },
       {
         tag: [],
-        title: "mTLS support for SCS plugins",
-        description: "mTLS support for SCS plugin to ensure secure communication with Harness services.",
+        title: "OSS Top 10 Policies",
+        description: "Out of the box policies to identify risks in open source dependencies based on OSS Top 10 Risks.",
       },
     ],
   },
   "Later": {
-    description: "Q2 2025+, May 2025 & beyond",
+    description: "Q3 2025+, August 2025 & beyond",
     feature: [
       {
         tag: [],
-        title: "Support for Gitlab & CircleCI",
-        description: "Complete support for GitLab, allowing users to onboard GitLab repositories and perform configuration checks, SBOM generation, and security scans.",
+        title: "CI/CD Security for Jenkins",
+        description: "Perform static analysis to detect risks and misconfigurations in Jenkins pipelines.",
       },
       {
         tag: [],
-        title: "SBOM & SLSA support for Jenkins",
+        title: "SBOM & SLSA Support for Jenkins",
         description: "Generate SBOMs and achieve SLSA compliance using Jenkins pipelines.",
       },
       {
         tag: [],
         title: "NIST SP800-204D Support",
         description: "Out of the box rules for supporting NIST SP800-204D compliance standards.",
       },
+      {
+        tag: [],
+        title: "SBOM Scoring in Drift Detection",
+        description: "View risk scores on dependencies that get added or removed between artifact drifts which contain vulnerabilities, have invalid licenses, or are unmaintained.",
+      },
       {
         tag: [],
         title: "Remediation Tracker",
         description: "Assign vulnerabilities & compliance issues to developers using remediation tracker to track across different types of targets (Artifact, CI/CD, Repos).",
       },
       {
         tag: [],
-        title: "SBOM Scoring in Drift Detection",
-        description: "View risk scores on dependencies that get added or removed between artifact drifts which contain vulnerabilities, have invalid licenses, or are unmaintained.",
+        title: "Exemption Management",
+        description: "Manage exemptions for risk and compliance issues across all targets (Artifact, CI/CD, Repos).",
+      },
+      {
+        tag: [],
+        title: "Automate OSS Dependency Updates with Harness AI",
+        description: "Leverage Harness AI to automatically generate PRs for updating outdated dependencies.",
       },
     ],
   },