Feature Matrix

CascadeGuard Feature Matrix

Internal reference for what ships when. Each feature has a single mark in the column representing its current target.

---

Secure Images

Feature	Done	In Progress	V1 Launch	Future
10 hardened base images on Docker Hub (public)		X
Non-root enforcement, SUID stripping, binary removal	X
Dual-scanner (Grype + Trivy)	X
SBOM generation (SPDX + CycloneDX)	X
Image signing (Cosign)	X
SLA-driven auto-rebuild (24h critical, 168h high)		X
Expanded catalog (25+ images, registered users)			X
Rolling-tag-only deprecation (3-month grace)			X
Custom hardening profiles				Enterprise
Data-driven catalog expansion (pull analytics)				X

Public Dashboard

Feature	Done	In Progress	V1 Launch	Future
Image catalog with status badges		X
Per-image CVE list by severity		X
SBOM viewer with diff		X
Rebuild history timeline		X
Embeddable README badges		X
Upstream image status (delta vs hardened)			X

CLI (Open Source, Free Forever)

Feature	Done	In Progress	V1 Launch	Future
images init — scaffold from seed repo	X
images validate — validate images.yaml	X
images check — discover base images, check drift	X
images enrol — add image to monitoring	X
tools pin — resolve action tags to SHAs	X
tools audit — audit workflow files with policy validation	X
tools policy init — scaffold actions-policy.yaml	X
scan — discover and analyse container artifacts	X
CLI namespace rename (actions → tools)		X
GitLab support			X
Argo CD support			X

Try-Me / Test-Us Flow

Feature	Done	In Progress	V1 Launch	Future
Dockerfile paste scan (no sign-up, rate-limited)		X
Email gate to unlock full report		X
Zip upload (sign-up required)			X
GitHub repo link (temporary OAuth)			X
Git push to temporary remote (UUID-auth)				X
7-day report retention + PDF export			X

Secure Tools (CI Pipeline Security)

Feature	Done	In Progress	V1 Launch	Future
Action tag-to-SHA pinning (via tools pin)	X
Action audit with policy validation (via tools audit)	X
Action dependency scanning (Node, Docker, composites)			X
Upstream monitoring (tag-move detection)			X
Tools in dashboard alongside images			X
72-hour delay window for new versions (configurable)			X
Policy enforcement (deny-by-default, allowlisting)			X
GitLab CI			X
CircleCI / Jenkins support				Future

Free Personalised Assessment

Feature	Done	In Progress	V1 Launch	Future
Questionnaire-based security profiling			X
Weighted vulnerability recommendations			X
AB-testable assessment flow			X
Lead capture to HubSpot			X

Secure Packages (Phase 2)

Feature	Done	In Progress	V1 Launch	Future
Quarantine-based package proxy (pip, npm)				Phase 2
48-72 hour hold on new versions				Phase 2
Transparent caching proxy with configurable policies				Phase 2
Maven, Go modules, RubyGems support				Phase 3

Platform & SaaS Tiers

Feature	Done	In Progress	V1 Launch	Future
Free (no account)
Public dashboard + CLI + 10 Docker Hub images		X
Session-based workload comparison			X
Try-Scan one-shot (rate-limited, no history)		X
Registered (free account)
Full catalog access (25+ images, comparison only)			X
Scan up to 3 own images/month (saved results)			X
Email alerts for new CVEs			X
Historical trend data			X
Starter ($49/mo)
Scan up to 20 own images/month			X
CI/CD integration (GitHub Actions, GitLab CI)			X
Policy-as-code (base image + threshold rules)			X
Team access (up to 5 seats)			X
Pro ($199/mo)
Unlimited own-image scans			X
Private managed registry			X
SBOM export + compliance reporting (SOC2, HIPAA)			X
Team access (up to 20 seats)			X
Enterprise (custom)
Dedicated registry namespace with SLA				X
Custom hardening profiles + SSO/SAML				X

Infrastructure & Integrations

Feature	Done	In Progress	V1 Launch	Future
Auth: Clerk (GitHub, Gitlab, email, Google OAuth)		X
Database: Cloudflare D1		X
Processing: Cloudflare Workers + R2		X
Abuse prevention: Turnstile CAPTCHA			X
Lead gen: HubSpot drip campaigns			X
Kargo/ArgoCD/Flux integration				Future
AI-driven hardening recommendations				Future
SLSA attestation / supply chain risk scoring				Future

---

Legend: Done = shipped and working, In Progress = actively being built, V1 Launch = targeted for v1 release, Future/Phase N/Enterprise = roadmap items without firm timeline. Each feature appears once in its target column.

Source PRDs: free-personalised-assessment, secure-actions, upstream-status-integration, test-us-flow. See also: growth-strategy.md (tier pricing), secure-packages.md (Phase 2), managed-image-deprecation.md (lifecycle).