Product Release Recap: Q4 2025

Quests

Quests have seen significant structural upgrades this quarter, moving from standalone training modules to sophisticated, automated learning journeys.

• Quest Programs: You can now sequence multiple Quests into a single, structured learning path. Learners unlock the next stage automatically upon completion, ensuring a progressive step-by-step journey.
• Decentralized Management: Team Managers now have the power to create and assign Quests. This reduces the bottleneck on central Admins and allows team-specific training to be managed by those closest to the developers.
• Granular Quiz Controls: New "Quiz Access Rules" allow you to set quizzes as Mandatory (must complete all activities), Optional (test out immediately), or Mandatory after failure. You can also now configure Quiz Retry Wait Times.
• Admin Utilities:
  • PDF Curriculum Preview: Download a full breakdown of training activities by language to share with internal stakeholders.
  • Enhanced Email Reminders: Greater control over frequency to drive engagement without over-communicating.
  • Flexible Scheduling: Participation controls now sit at the individual Quest level within Programs for maximum flexibility.

Content

Our content library continues to evolve alongside the latest security research and global standards, with a heavy emphasis on AI security.

• OWASP Alignment: * The 2025 OWASP Web Top 10 has been applied across the entire platform (Quests, Learn, and Assessments).
  • OWASP LLM Top 10: Added Python LangChain as a new language with hands-on activities for every vulnerability.
• AI & Emerging Tech:
  • 146 New AI Challenges: Added across various stacks including Java Spring, C#, Python, and Node.js.
  • Python MCP SDK: New language pathway aligned with SCW’s "MCP Top 10" vulnerabilities.
  • New Topics: Added "LLM Security Design Patterns" and "Vibe Coding: Risk Management Framework."
• Compliance & Localization:
  • Cyber Resilience Act (CRA): New CRA-aligned objectives and "Secure by Design" topic collections.
  • Global Reach: Missions and Walkthroughs are now fully translated into Spanish, French, German, Korean, Chinese (Simplified/Traditional), and Japanese.
• Open Source: Language-specific Python security rules have been added to our public AI Security Rules repository.

Trust Agent

Trust Agent is becoming more intelligent in how it maps real-world coding activity to SCW.

• Developer Discovery: Admins can now analyze code committers to identify "missing" learners. You can review these contributors, assign them to teams, and invite them to the platform in bulk.

• Commit Merging: Trust Agent now provides Email Merge Suggestions. Using name and email similarity, it identifies different commit aliases that belong to the same person and suggests mapping them to a single platform learner.

  

Administration & Reporting

We have introduced new dashboards and automated data pipelines to make program oversight more intuitive.

• Team Manager Dashboard: A new dedicated homepage for managers to track Quest completion, Trust Scores, and engagement metrics (new/active learners, time spent) for their specific teams.
• Native API Connectors: Eliminate manual CSV uploads. You can now sync vulnerability data directly from Snyk, GitHub Advanced Security, Fortify, and Polaris with customizable lookback periods (3–24 months).
• Advanced Reporting:
  • Trust Score Improvements: New filters for team, tag, and role, plus an extended timeline tracking up to 24 months of progress.
  • Export All Activity: A new granular export option in the Engagement report allows for a CSV download of every individual activity completed by users over the last 12 months.