> ## Documentation Index
> Fetch the complete documentation index at: https://help.dsalta.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Changelog
> Stay up to date with the latest features, improvements, and changes to DSALTA.
Here's what shipped this week.
***
## Updates
### Provider-specific remediation steps
Every compliance test now includes step-by-step remediation instructions tailored to the specific cloud provider. Instead of generic guidance, you'll see exact console paths and settings — for example, where to create a CloudWatch alarm in AWS, how to configure an alert rule in Azure Monitor, or where to set up a monitoring policy in GCP. This makes it faster to fix failing tests without leaving DSALTA.
Browse any test from the [Integrations](/integrations/overview) section — for example, [AWS DynamoDB latency should be monitored](/integrations/aws/aws-dynamodb-latency-should-be-monitored) or [Azure Defender should be enabled](/integrations/azure/azure-defender-should-be-enabled).
### Test metadata and framework mapping in the app
Test detail pages in DSALTA now display key metadata — including Test ID, SLA, responsible role, and sync frequency — directly in the platform. Compliance framework mappings for each test are also visible in the test detail view, so you can see which frameworks a test covers without switching to the docs.
View any test from **Data Library → Tests** or from an integration's test list.
### Cleaner test result statuses
Test results now show clearer status indicators — **Passing**, **Failing**, and **Not configured** — with direct action items for each state. Failing tests link straight to remediation steps, and SLA deadlines are managed dynamically in the platform rather than as fixed values.
Here's what shipped this week.
***
## New features
### Remediation guides on every compliance test
Every automated compliance test now includes a step-by-step remediation guide. When a test fails, you'll see exactly why it matters, what DSALTA checked, how to fix it, and which compliance frameworks it covers. Each test page also includes an FAQ section covering sync frequency, failure notifications, exclusions, and read-only access.
Browse any test from the [Integrations](/integrations/overview) section — for example, [AWS CloudTrail should be enabled](/integrations/aws/aws-cloudtrail-should-be-enabled) or [Code scanning alerts should be resolved](/integrations/github/code-scanning-alerts-should-be-resolved).
***
## Updates
### Redesigned integration pages
All integration landing pages now include expanded data collection details, key use cases, improved authentication guidance, and clearer post-connection expectations. You'll see exactly what data DSALTA collects, how it's used, and how long the initial sync takes.
See any integration page — for example, [Amazon Web Services (AWS)](/integrations/aws) or [GitHub](/integrations/github).
### Streamlined integrations overview
The [Integrations overview](/integrations/overview) page has been simplified with tighter descriptions and a cleaner data module mapping table, making it faster to understand what each integration provides.
### Supabase integration removed
The Supabase integration has been removed from the platform. If you were using it, your data has already been synced and existing evidence is unaffected.
Here's what shipped this week.
***
## New features
### GitHub security scanning tests
DSALTA now includes automated compliance tests for GitHub's built-in security features. Three new tests verify that code scanning alerts, secret scanning alerts, and Dependabot vulnerability alerts are resolved within SLA. Each test runs automatically when GitHub is connected and flags unresolved findings so your team can remediate before auditors ask.
See test details for [code scanning](/integrations/github/code-scanning-alerts-should-be-resolved), [secret scanning](/integrations/github/secret-scanning-alerts-should-be-resolved), and [Dependabot SLA](/integrations/github/dependabot-alerts-should-be-resolved-within-sla).
### GitLab compliance tests
Seven new automated tests now cover GitLab environments. DSALTA checks that group-level MFA is enforced, branch protection rules apply to admins, peer review is required before merging, CI status checks must pass, code repositories are classified, and offboarded users have their access removed. These tests run continuously once GitLab is connected.
See all GitLab tests in the [GitLab integration](/integrations/gitlab) page.
***
## Updates
### Control detail enhancements
The Control Detail drawer now shows richer metadata at a glance — including control ID, source, owner, review frequency, and current status. Evidence completion logic is clearer: a control is marked Completed only when all mapped policies, documents, and tests show a green checkmark. If anything is missing, it shows Needs Attention.
Explore any control from [Controls](/guides/compliance/controls) or [Control Detail](/guides/compliance/control-detail).
### Integration settings shortcut
You can now manage your connected integrations directly from **Settings → Integrations** without navigating to the main Integrations page. This mirrors the full integration management experience for faster access when you're already in Settings.
Manage integrations from [Settings → Integrations](/guides/settings/integrations) or the main [Integrations page](/integrations/overview).
### Policy detail improvements
The Policy Detail page now displays a unique policy ID, formal approval workflows with timestamps, and a controls mapping section that shows exactly which compliance controls each policy satisfies. Add or remove control mappings directly from the detail view, and use the comments section to collaborate with your team and auditors.
Open any policy from [Policies](/guides/data-library/policies) or [Policy Detail](/guides/data-library/policy-detail).
Here's what shipped this week.
***
## New features
### Change management tracking
DSALTA now automatically tracks change requests from connected project management and code repository integrations. GitHub Issues, Asana tasks, Linear tickets, and Trello cards feed a dedicated Changes module — giving you a complete audit trail of change request tickets, assignees, resolution status, and timelines. Automated tests verify that a ticketing system is configured, tickets have assignees, and change requests are resolved within 30 days.
See how integrations feed the Changes module in the [Integrations overview](/integrations/overview).
### Incident lifecycle tracking
Security incidents from monitoring tools like Datadog and Grafana are now tracked end-to-end in DSALTA. Incidents flow into a dedicated module with lifecycle status, so auditors can verify that reported incidents are investigated and closed. Automated tests check that incidents in GuardDuty, Microsoft Defender, and Security Command Center are resolved.
Connect a monitoring integration from [Settings → Integrations](/integrations/overview).
### Per-test documentation
Every automated compliance test now has its own documentation page with the test ID, what it checks, which integration it runs against, the responsible security role, and the SLA for remediation. Browse test docs directly from the [Integrations](/integrations/overview) section — for example, [AWS CloudTrail should be enabled](/integrations/aws/aws-cloudtrail-should-be-enabled) or [Branch protection should be enabled on repositories](/integrations/github/branch-protection-should-be-enabled-on-repositories).
***
## Updates
### Vendor questionnaire templates
When sending a security questionnaire to a vendor, you can now choose from pre-built templates — including GDPR Assessment, Cybersecurity Review, PCI DSS Compliance, and Risk Assessment — so you don't have to write questions from scratch. Select a template, set a deadline, and send.
Send a questionnaire from the [Vendor Questionnaires](/guides/vendors/questionnaires) page.
### Risk approval workflow
Risk assessments in the Risk Register now support a formal approval step. After setting likelihood, impact, and treatment plan, click **Approve** to lock in the assessment with a timestamp and approver name — creating a clear audit trail for your risk management process.
Manage risks in the [Risk Register](/guides/data-library/risk-register).
### Document SLAs
Every compliance document now has an automatically assigned SLA — typically 7 to 30 days depending on the document type. Due dates appear in the document list so your team can prioritize evidence collection and avoid falling behind on audit deadlines.
View document deadlines in [Documents](/guides/data-library/documents).
### Code review evidence
DSALTA now pulls pull request history, peer review status, and CI/CD check results from connected code repositories like GitHub, GitLab, Bitbucket, and Azure DevOps. This proves code review compliance — including that the author and reviewer are different people — and feeds directly into your framework evidence.
Connect a code repository from [Settings → Integrations](/integrations/overview).
Here's what shipped this week.
***
## New features
### Help Center with troubleshooting guides
A new Help Center is now available with dedicated troubleshooting guides covering the most common issues — integration connection errors, evidence sync problems, audit questions, Trust Center setup, and login or access difficulties. Each guide walks you through the fix step by step.
Browse all guides in the [Troubleshooting](/troubleshooting/integration-errors) section.
### Active frameworks management
A dedicated Active Frameworks page lets you see all your enabled frameworks in one place. Each card shows completion percentage, region, and standard type. You can deactivate frameworks you no longer need or click through to the full framework detail view — all without leaving the page.
Manage your frameworks in [Active Frameworks](/guides/compliance/frameworks-active).
***
## Updates
### Compliance FAQ
Common questions about frameworks, controls, policies, and audits are now answered in a dedicated FAQ. Topics include how controls map across frameworks, what "Needs Attention" means, how audit readiness is calculated, and what auditors can see.
Read the [Compliance FAQ](/guides/faq/compliance).
### Pricing FAQ
A new pricing FAQ covers plan structure, vendor monitoring tiers, framework activation, and trial options — so you can find answers without contacting sales.
Read the [Pricing FAQ](/guides/faq/pricing).
### Workspace and account controls
Owners and admins can now delete a workspace entirely from Settings, permanently removing all compliance data. Individual users can also delete their own account from the Profile page without affecting the organization workspace.
Manage your workspace in [Workspace Settings](/guides/settings/workspace) or your account in [My Profile](/guides/settings/my-profile).
### Framework settings shortcut
You can now activate or deactivate compliance frameworks directly from **Settings → Compliance Frameworks** — a shortcut that mirrors the main Compliance section for faster access.
See [Compliance Frameworks (Settings)](/guides/settings/compliance-frameworks).
Here's what shipped this week.
***
## New features
### MDM device enrollment
You can now enroll devices automatically through MDM integrations like JumpCloud, Google Endpoint, and Microsoft Intune — no manual agent install required. DSALTA pulls device compliance data directly, including a new password manager detection check alongside encryption, antivirus, screen lock, and OS version.
See all device sources in [Devices](/guides/data-library/devices).
### Framework preview mode
Before activating a new framework, you can now click **Explore** to preview its full requirements, areas, and controls. This lets you assess scope and effort without committing — helpful when deciding between similar frameworks.
Browse options in [Available Frameworks](/guides/compliance/frameworks-available).
### Workflow checks
A new evidence type — workflow checks — lets you track recurring manual verifications alongside policies, documents, and automated tests. These count toward your framework readiness metrics and give auditors visibility into processes that can't be fully automated.
Learn how evidence types work in [Key Concepts](/guides/getting-started/key-concepts).
***
## Updates
### Audit controls view
A new Controls tab inside each audit shows control coverage grouped by requirement area. See which controls have complete evidence and which still need work, with a framework overview that highlights your biggest gaps at a glance.
View audit controls in [Audit Controls](/guides/compliance/audit-controls).
### Audit evidence workflow
The evidence review process now includes clearer status tracking — Not Ready, Flagged, Ready, Accepted, and Not Applicable — with timestamps on every item for a complete audit trail. Both you and your auditor can leave threaded comments on any evidence item.
Learn more in [Audit Evidence](/guides/compliance/audit-evidence).
### Manual vs. automated vendor monitoring
When adding a vendor, you now choose between AI-powered continuous monitoring or self-managed manual assessments. Use automated monitoring for critical vendors and manual for lower-tier ones to balance depth with cost.
Set it up in the [Vendor List](/guides/vendors/vendor-list).
### Vendor compliance certifications
The vendor summary page now displays which certifications a vendor holds — ISO 27001, SOC 2, GDPR, and others — so you can quickly assess regulatory alignment without reading the full risk report.
Check vendor profiles in [Vendor Summary](/guides/vendors/vendor-summary).
### Trust Center settings
A dedicated settings page lets you customize your Trust Center subdomain, connect a custom domain with automatic SSL, and configure DNS records — all in one place.
Set up your domain in [Trust Center Settings](/guides/trust-center/settings).
Here's what shipped this week.
***
## New features
### Supabase integration
DSALTA now connects to Supabase. Once linked, it pulls user access data and database inventory automatically — giving you compliance evidence without manual work. Like all integrations, access is read-only.
Connect Supabase from [Settings → Integrations](/integrations/overview).
### Access reviews
A new Access page shows who has access to which systems across all your connected integrations. Filter by integration, verify permissions, and spot deactivated accounts — all in one place. Useful for quarterly access reviews required by SOC 2 and ISO 27001.
Review access in [People & Access](/guides/data-library/access).
### Notification preferences
You can now control which email alerts you receive. Toggle notifications for vendor risk changes, platform updates, task assignments, audit activity, and evidence updates — so you stay informed without the noise.
Manage your preferences in [Notifications](/guides/settings/notifications).
***
## Updates
### Security posture score on the dashboard
Your compliance dashboard now displays a customer-facing security posture score out of 1,000. A score of 800 or above is considered healthy. This gives you a quick read on your overall security standing alongside your existing framework readiness metrics.
See your score on the [Dashboard](/guides/dashboard/overview).
### Security roles
Security roles now have a dedicated settings page. Assign organizational compliance roles — InfoSec Officer, Privacy Officer, and People Operations — and DSALTA automatically routes the right tasks to the right people. One person can hold multiple roles on smaller teams.
Configure roles in [Security Roles](/guides/settings/security-roles).
### Policy detail view
The policy detail page now includes inline editing, formal approval workflows, PDF export, unique policy IDs, and a comments section for team and auditor collaboration. You can also manage which controls each policy maps to directly from the detail view.
View any policy from [Policies](/guides/data-library/policies).
### Control detail drawer
Clicking any control now opens a detail drawer with three tabs: Evidence & Monitoring (mapped policies, documents, and tests), Risk Scenarios (pre-evaluated risks the control mitigates), and Mapped Frameworks (every framework the control applies to). Completing evidence in one framework automatically satisfies it everywhere else.
Explore controls in [Controls](/guides/compliance/controls).
This week's release is a big one. Here's everything that shipped.
***
## New features
### Compliance dashboard
Your new home in DSALTA. See audit readiness across every active framework at a glance — controls completion, policy approvals, test pass rates, document uploads, Trust Center status, and overdue tasks, all in one place.
Learn more in the [Dashboard overview](/guides/dashboard/overview).
### Employee portal
Employees now have their own portal for completing compliance tasks. When policies, training, or documents are assigned, they receive an email invitation and can work through everything in one place — no admin access required.
Learn more in [People & Groups](/guides/data-library/people).
### Device agent
Employees can install a lightweight agent from their portal to register laptops and desktops for security monitoring. DSALTA tracks encryption, antivirus, screen lock, OS version, and more. Devices not yet enrolled appear in a separate unmonitored list so nothing slips through.
See how it works in [Devices](/guides/data-library/devices).
### Single sign-on (SSO)
Sign in to DSALTA with your existing identity provider. Google Workspace and Microsoft Entra ID are both supported — no separate password needed.
See supported options in the [General FAQ](/guides/faq/general).
### Audit management
Run audits end-to-end inside DSALTA. Create an audit, select a framework, invite your auditor by email, and give them limited read-only access to review evidence. Auditors can accept, flag, or mark evidence as not applicable, and both sides can leave comments.
Get started with [Audits](/guides/compliance/audits).
### AI-generated policies
Generate compliance policies tailored to your company profile and active frameworks. Edit inline, track versions, and map each policy to its supporting controls. Annual renewal reminders are sent automatically.
Manage your policies in [Policies](/guides/data-library/policies).
### Controls management
View and manage all compliance controls across your active frameworks in a single table. Filter by status, framework, or owner, and bulk-assign control owners. Completing evidence for one control automatically satisfies it everywhere it's mapped.
See your controls in [Controls](/guides/compliance/controls).
### Risk register
Document, score, and treat organizational risks. Each risk is scored by likelihood and impact with inherent and residual ratings. Choose from four treatment plans — mitigate, accept, transfer, or avoid — and map risks to controls. A pre-built [Risk Library](/guides/data-library/risk-library) helps you get started quickly.
See your risks in the [Risk Register](/guides/data-library/risk-register).
### AI-powered vendor risk scoring
Every vendor is scored automatically across ten security categories — from application security to dark web exposure — with a 0–1,000 rating and letter grade. DSALTA scans domains and IP addresses, tracks score trends over time, and generates a detailed AI risk assessment.
View scores in the [Vendor Summary](/guides/vendors/vendor-summary) or the full [Risk Assessment](/guides/vendors/risk-assessment).
### Vendor questionnaires with AI-assisted responses
Send structured security questionnaires to your vendors directly from DSALTA. Choose from pre-built templates, set a deadline, and track responses. Vendors can use DSALTA's AI assistant to help draft their answers at no cost.
Learn more in the [Vendor Questionnaires](/guides/vendors/questionnaires) guide.
### Trust Center questionnaires
Upload inbound security questionnaires and let AI draft responses based on your existing compliance data. Each answer is reviewed and approved by your team. Over time, DSALTA builds a knowledge base from approved answers so responses get faster.
See how it works in [Trust Center Questionnaires](/guides/trust-center/questionnaires).
### Trust Center
Launch a public-facing Trust Center to share your security posture with customers. Customize branding, display certifications, publish downloadable resources with access controls, list subprocessors, and add FAQs. Custom domains with automatic SSL are supported.
Set up yours in the [Trust Center overview](/guides/trust-center/overview).
### Fourth-party discovery
DSALTA automatically discovers the sub-vendors and technology providers your vendors depend on. See which fourth parties appear across multiple vendor relationships to spot supply-chain concentration risks.
Explore your supply chain in [Fourth Parties](/guides/vendors/fourth-parties).
### Vulnerability tracking
Track CVEs across your infrastructure with CVSS severity scoring. Vulnerabilities are detected through connected security integrations and vendor risk scanning, with base scores, affected assets, and remediation status.
View your vulnerabilities in [Vulnerabilities](/guides/data-library/vulnerabilities).
### Guided onboarding roadmap
A four-phase setup wizard walks you through configuring your compliance program — from initial setup through policies, tests, risks, and audit readiness. Each phase includes AI-assisted guidance, estimated times, and a progress tracker.
Follow along in the [Onboarding Roadmap](/guides/getting-started/onboarding-roadmap).
### Academy
A new learning hub with product training courses and compliance education. Whether you're onboarding or preparing for an audit, Academy walks you through DSALTA's features and frameworks.
Start learning in [Academy](/guides/academy/overview).
### 36 integrations with 250+ automated tests
Connect your tools and DSALTA starts collecting compliance evidence automatically. All integrations use read-only API access.
**Identity providers** — [Google Workspace](/integrations/google-workspace), [Microsoft Entra ID](/integrations/microsoft-entra-id), [Azure Active Directory](/integrations/azure-active-directory), [Okta](/integrations/okta), [JumpCloud](/integrations/jumpcloud), [OneLogin](/integrations/onelogin)
**Cloud infrastructure** — [AWS](/integrations/aws), [GCP](/integrations/gcp), [Azure](/integrations/azure), [DigitalOcean](/integrations/digitalocean), [Heroku](/integrations/heroku), [Netlify](/integrations/netlify)
**Code repositories** — [GitHub](/integrations/github), [GitLab](/integrations/gitlab), [Bitbucket](/integrations/bitbucket), [Azure DevOps](/integrations/azure-devops)
**Security & monitoring** — [Qualys](/integrations/qualys), [Wiz](/integrations/wiz), [Microsoft Defender for Endpoint](/integrations/microsoft-defender), [Datadog](/integrations/datadog), [Grafana](/integrations/grafana), [Sentry](/integrations/sentry), [Cloudflare](/integrations/cloudflare)
**Databases** — [MongoDB Atlas](/integrations/mongodb-atlas), [Snowflake](/integrations/snowflake)
**SaaS & productivity** — [Slack](/integrations/slack), [Asana](/integrations/asana), [Linear](/integrations/linear), [Trello](/integrations/trello), [Figma](/integrations/figma), [HubSpot](/integrations/hubspot), [Salesforce](/integrations/salesforce), [Zoom](/integrations/zoom), [Box](/integrations/box), [Intercom](/integrations/intercom)
Each integration includes automated compliance tests covering MFA enforcement, access reviews, encryption, backups, and infrastructure monitoring. Results appear in your [Tests](/guides/data-library/tests) dashboard.
Learn more in the [Integrations overview](/integrations/overview).
***
## Updates
### On-demand test runs and source data
Trigger any compliance test immediately with the **Run Test** button. A new **Source Data** tab shows the raw data DSALTA pulled from your integration, and the **Result History** timeline tracks every previous run. You can also deactivate tests that aren't applicable.
Explore test details in [Test Detail](/guides/data-library/test-detail).
### Framework readiness dashboard
The Framework Detail page now shows readiness metrics at a glance — areas, criteria, mapped controls, and an overall readiness percentage. When browsing available frameworks, an **overlap percentage** shows how much work carries over from frameworks you've already activated.
See your progress in [Framework Detail](/guides/compliance/framework-detail) and browse options in [Available Frameworks](/guides/compliance/frameworks-available).
### Vendor risk findings history
A new Risk History page shows every security finding for a vendor, organized by severity. Each finding includes affected domains or IPs, category, first-detected date, and remediation steps. Use **Manage Risk** to generate a remediation plan across multiple findings.
View findings in [Risk History](/guides/vendors/risk-history).
### Automated vendor discovery
DSALTA detects vendors automatically based on your employees' tools and connected integrations. Instead of building your vendor list manually, you'll see suggestions to add detected vendors with a single click.
Get started in the [Vendor List](/guides/vendors/vendor-list).
### Custom vendor tiers and portfolios
Rename default vendor tiers, create new ones, and define custom portfolio categories beyond the built-in Supplier type — for example, Service Provider, Technology Partner, or any label that fits your organization.
Configure tiers and portfolios in [Vendor Risk Settings](/guides/settings/vendor-risk-management).
### Vendor remediation workflows
Send formal remediation requests to vendors with deadlines and automated email reminders. Track acknowledgment and resolution through a dedicated vendor portal.
Learn more in [Remediations](/guides/vendors/remediations).
### Vendor executive summary
A single dashboard showing total vendor count, average risk scores, grade distribution, and tier breakdowns. Quickly identify your highest- and lowest-rated vendors and spot fourth-party concentration risks.
View your portfolio in the [Vendor Executive Summary](/guides/vendors/executive-summary).
### Group onboarding and offboarding automation
Groups now support onboarding and offboarding tasks that trigger automatically when someone joins or leaves. Assign policies, training, and custom tasks to a group once, and every new member gets them on day one.
Set up groups in [People & Groups](/guides/data-library/people).
### Trust Center visitor analytics and social proof
Your Trust Center now tracks visitor activity — total visitors, page views, and document downloads over time. Add trusted customer logos as social proof, and publish updates to share news or security announcements.
Customize your Trust Center in the [Trust Center overview](/guides/trust-center/overview).
### Trust Center access management
Review and approve or deny document access requests from customers. An access log shows who has been granted access, pages viewed, and activity history.
Manage access in [Trust Center Access](/guides/trust-center/access).
### Document evidence management
Upload and organize compliance evidence documents — board charters, insurance certificates, SOC reports, and more. Drag and drop files, and related control statuses update automatically. Team members can collaborate with comments.
Manage your documents in [Documents](/guides/data-library/documents).
### Asset inventory
DSALTA automatically discovers and catalogs all hardware, software, and cloud assets from connected integrations. View service names, sources, accounts, regions, and descriptions in one centralized inventory.
Browse your assets in [Inventory](/guides/data-library/inventory).
### Company and product profiles
Define your company information and product or service details in new settings pages. Configure security and legal URLs — Privacy Policy, Terms & Conditions, Support, and Security Email. This information feeds into your Trust Center, policies, and audit reports.
Set up your profiles in [Company Information](/guides/settings/company-information), [Product / Service](/guides/settings/product-service), and [Security & Legal URLs](/guides/settings/security).
### Task management
Compliance tasks are assigned automatically based on your team's security roles. Each task has an SLA and is grouped by priority — overdue, urgent, upcoming, and not scheduled. Filter by assignee, status, or category.
Learn more in [My Tasks](/guides/tasks/my-tasks).
### Team management and roles
Invite team members by email and assign roles — Owner, Admin, Member, or Auditor — each with distinct permissions. Assign security roles like InfoSec Officer or Privacy Officer to automatically route compliance tasks.
Set up your team in [Team Members](/guides/settings/members) and review permissions in [Roles & Permissions](/guides/settings/roles-and-permissions).
### Data export
Export evidence lists, policy documents, control mappings, and audit reports directly from the platform.
### 18 framework guides
Dedicated guides for SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, HITRUST, DORA, NIS 2, NIST 800-171, CIS Controls v8, NIST AI RMF, ISO 42001, EU AI Act, TISAX, NYCRR 500, US Data Privacy, ISO 9001, and APRA CPS 234. Each explains what the framework requires and how DSALTA helps you get compliant.
Browse all guides in the [Framework Guides](/frameworks/soc2/overview) tab.