Changelog

Monthly product updates from the Superagent team.

June 2026

Product

Deep Contributor Credit Score

Assess contributor trust with hydrated historical PR analysis, CLA status, organization context, and patch-level safety signals.

Superagent now gives security and platform teams a deeper way to understand who is contributing code. Deep Contributor Credit Score analyzes contributor history, repository context, and patch-level evidence to produce an explainable trust signal before a pull request reaches production.

Hydrated contributor history

The score reviews hydrated historical pull requests for the contributor, looking across performance optimization work, cross-repository patterns, internal product features, safety infrastructure, and other high-signal code paths. This gives reviewers more context than the current diff alone can provide.

Explainable trust signals

Each score includes the evidence behind the result: CLA status, last activity, organization alignment, issue linkage, omitted evidence, and confidence levels for patch-level review. Teams can see why a contributor is trusted, is suspicious, or needs additional review without reverse-engineering a black-box verdict.

Patch-level safety review

Contributor scoring is combined with patch-level inspection for risky behavior such as credential access, hidden network calls, dependency abuse, permission broadening, or suspicious code paths. The result is a focused review workflow that helps teams distinguish trusted collaboration from changes that need deeper investigation.

May 2026

Product

GitHub-native repository protection

Configure repositories, run adversarial tests on GitHub events, manage CLAs, and triage security advisories from one place.

Superagent now meets your team where work already happens: on GitHub. This release connects repository configuration, automated adversarial testing, CLA management, and advisory triage into a single workflow, so you can ship faster without trading off security review.

Configure repositories

Choose which repositories Superagent protects, set scan and policy preferences per repo, and keep ownership clear across your organization. Onboarding is straightforward: connect GitHub, pick the repos that matter, and your team gets a consistent baseline before code or agents reach production.

Adversarial tests on GitHub events

Trigger adversarial tests automatically from GitHub events, such as pull requests and pushes, so risky changes are challenged before they merge. Tests run in the background against your configured policies, surfacing failures and findings where developers already review code.

Create and manage CLAs

Create and manage Contributor License Agreements without leaving Superagent. Define agreement templates, track contributor status, and keep open-source contribution workflows compliant as your projects and policies evolve.

Triage GitHub advisories automatically

Incoming GitHub security advisories are triaged automatically: Superagent assesses severity and relevance, groups related signals, and helps your team focus on what needs action now versus what can wait. Less manual sorting, faster response when a dependency or repo is at risk.