Integrity plus trust context
Optional backend jobs for certificate-chain, revocation, timestamp, catalog, and kernel-module keyring context, with network-safe controls that never block scan browsing.
What's Coming
VersionGopher™ software genomics for serious software decisions.
VersionGopher™ now captures richer binary, package, signature, and provenance evidence. The roadmap turns that evidence into trust enrichment, software-genome comparisons, case-ready reporting, and protected workflows for teams that inherit complex software estates.
Footage: DVIDS · CNMF Mission Video · Courtesy Video, U.S. Cyber Command · Video ID 998594
Coming Focus
High-level roadmap themes
Org-scoped data protection
Encryption, audit, retention, and export controls for sensitive scan evidence and diligence workflows, including batch-aware protected writes before encrypted customer-scan mode claims the full import-speed gain.
Speed without hidden tradeoffs
Future import and matcher optimizations will keep using restored-snapshot A/B runs, PostgreSQL counters, WAL/FPI context, and row-count parity so performance claims stay attached to evidence.
Package risk without feed confusion
Scheduled OSV/package-advisory refresh operations, malicious-package analytics, richer lockfile parsing, and clearer separation between package advisories and NVD/CPE CVEs.
Relationships, not just rows
Connect files, hashes, versions, CVEs, signers, hosts, scans, and analyst notes into a bounded evidence graph.
Repeatable baselines
Host-aware scan timelines, approved baselines, and drift summaries for teams that scan the same fleets, golden images, and build runners on a schedule.
Evidence for hard-to-see assets
Support laptops, servers, embedded Linux, firmware, offline systems, spacecraft, proliferated satellite constellations, and future orbital data centers.
Complement existing platforms
Use content platforms, ticketing, SIEM, legal, and repository systems as inputs or destinations while staying focused on software evidence.
See where critical code moved
Hashes, versions, paths, signatures, and provenance create a software genome that can reveal drift, inheritance, and unexpected movement of critical code.
Why It Matters
The buyer is bigger than vulnerability management.
M&A teams, CISOs, incident responders, operators, and mission leaders all need defensible answers about inherited and deployed software. Software genomics gives them a language for comparing those environments without pretending a single machine ID or filename tells the whole story.
Diligence
Understand what software risk is being inherited before and after a deal.
Security leadership
Find exposed keys, vulnerable binaries, suspicious signatures, risky archives, and drift.
Mission assurance
Bring embedded, offline, satellite, and space-based compute systems into a repeatable evidence workflow.
Product Boundary
Stay in the lane: software evidence.
VersionGopher is not a document repository, DLP suite, SIEM, eDiscovery platform, or legal opinion engine. It complements those systems by owning software evidence: binaries, scripts, archives as containers, hashes, versions, signatures, package evidence, provenance, and CVE/advisory rationale.
01Metadata-first
Documents and archives stay metadata-only by default.
02Evidence-first
Keep provenance, hashes, signatures, versions, and scan context together.
03Integration-first
Connect adjacent systems without trying to replace them.
Bring us a hard target
Bring a real scan, inherited environment, embedded target, or diligence question.