SaaSFort

Product Update: CI/CD Integration, Security Playbook, and 100% QA

SaaSFort ships CI/CD webhook scanning, per-user API keys, a free 40-page security playbook in 5 languages, and hits 8 consecutive 100% QA cycles.

SaaSFort Team
· 5 min read

Three updates shipped this week that change how SaaSFort fits into your development and sales workflows. CI/CD pipeline integration means security scanning happens automatically on every deploy. A free 40-page security playbook gives your team a complete NIS2 and enterprise-readiness framework. And eight consecutive 100% QA scores mean the platform is the most reliable it’s ever been.

CI/CD Integration: Scan on Every Deploy

The most requested feature since launch: trigger a SaaSFort scan directly from your CI/CD pipeline and gate deployments on security results.

How It Works

Synchronous CI gate: POST /api/v1/ci with a threshold parameter (e.g., minimum_grade: "B") and an optional fail_on severity level. The API runs a full 60-check scan and returns a pass/fail verdict your pipeline can act on. If the grade drops below your threshold, the deployment stops.

Asynchronous webhook: POST /api/scan/webhook accepts a callback_url. SaaSFort runs the scan in the background and POSTs results to your endpoint when complete — with automatic retry (3 attempts, exponential backoff). Use this when you don’t want your pipeline waiting for scan completion.

Configuration snippets: GET /api/v1/ci/config returns ready-to-paste configuration for GitHub Actions, GitLab CI, and Jenkins. Copy, set your API key as a secret, and you’re done.
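A pipeline step that consumes the synchronous gate's verdict should fail closed when the scan API is unreachable or the response is unreadable. The following is an added example, not SaaSFort's own code: the field names "verdict" and "grade", the A to F grade scale, and the sample responses are assumptions.

```python
import json

# Assumed grade scale, best to worst (the page shows only "B" as a sample threshold).
GRADE_ORDER = ["A", "B", "C", "D", "E", "F"]


def gate_decision(http_status, body, minimum_grade="B"):
    """Return (exit_code, reason); exit code 0 lets the deploy continue.

    "verdict" and "grade" are hypothetical field names for the verdict and
    grade the API is described as returning.
    """
    if minimum_grade not in GRADE_ORDER:
        return 1, f"unknown threshold {minimum_grade!r}; failing closed"
    if http_status != 200:
        return 1, f"scan API returned HTTP {http_status}; failing closed"
    try:
        result = json.loads(body)
    except (TypeError, ValueError):
        return 1, "response is not valid JSON; failing closed"
    if not isinstance(result, dict):
        return 1, "response is not a JSON object; failing closed"
    verdict = result.get("verdict")
    grade = str(result.get("grade", "")).strip().upper()
    if verdict not in ("pass", "fail") or grade not in GRADE_ORDER:
        return 1, "verdict or grade missing; failing closed"
    if verdict == "fail":
        return 1, f"scanner verdict is fail (grade {grade})"
    # Re-check locally so a threshold mistyped in the request cannot relax the gate.
    if GRADE_ORDER.index(grade) > GRADE_ORDER.index(minimum_grade):
        return 1, f"grade {grade} is below required {minimum_grade}"
    return 0, f"grade {grade} meets required {minimum_grade}"


if __name__ == "__main__":
    # Constructed responses, not captured from the real service.
    samples = [
        (200, '{"verdict": "pass", "grade": "A", "findings": []}'),
        (200, '{"verdict": "pass", "grade": "C", "findings": []}'),
        (503, "upstream timeout"),
    ]
    for status, body in samples:
        print(gate_decision(status, body))
```

Use the returned exit code as the step's exit status so that anything other than a confirmed pass stops the deployment.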

Per-User API Keys

Every team member can now generate their own API key via POST /api/me/api-key. Keys use an sf_ prefix for easy identification in logs. Both the global API key and per-user keys work for CI/CD endpoints — so your CI pipeline uses one key while individual developers can trigger scans from their terminals.
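Because the sf_ prefix makes keys easy to spot, it also makes them easy to find and mask when one leaks into build output. The following is an added example, not SaaSFort's own code: the key body pattern (16 or more URL-safe characters), the environment variable name, and the log lines are assumptions constructed for illustration.

```python
import re

# Assumption: the page gives only the "sf_" prefix. The body charset and the
# 16-character minimum are guesses to tune against a real key.
SF_KEY = re.compile(r"(?<![A-Za-z0-9_])sf_[A-Za-z0-9_-]{16,}")


def redact_line(line):
    """Mask every sf_ key in a line, keeping only its last 4 characters."""
    hits = []

    def mask(match):
        hits.append(match.group(0))
        return "sf_" + "*" * 8 + match.group(0)[-4:]

    return SF_KEY.sub(mask, line), len(hits)


def scan_log(lines):
    """Return (redacted_lines, findings); findings are (line_number, key_count)."""
    redacted, findings = [], []
    for number, line in enumerate(lines, start=1):
        clean, count = redact_line(line)
        redacted.append(clean)
        if count:
            findings.append((number, count))
    return redacted, findings


# Constructed CI log lines; the key is a made-up placeholder.
SAMPLE_LOG = [
    "09:12:01 step=env SAASFORT_API_KEY=sf_EXAMPLEonly0000000000wxyz",
    "09:12:02 step=note keys use the sf_ prefix",
    "09:12:07 step=scan finished",
]

if __name__ == "__main__":
    cleaned, found = scan_log(SAMPLE_LOG)
    print("\n".join(cleaned))
    print("lines with keys:", found)
```

A non-empty findings list means a key reached the log and should be rotated, not just masked.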

Why This Matters for Enterprise Deals

Enterprise buyers increasingly ask: “Is security testing integrated into your development workflow?” A security questionnaire that asks about your SDLC security practices can now be answered with a screenshot of your CI pipeline config showing automated SaaSFort scanning on every deploy. That’s stronger evidence than “we run periodic scans” — it proves security is built into your release process.

In the context of how continuous monitoring strengthens your vendor assessment responses, the CI/CD integration closes the gap between “we scan regularly” and “we scan on every change.”

The SaaS Security Playbook 2026 — Free Download

We published a 40-page security playbook covering the eight security domains enterprise buyers evaluate. It’s free, available in five languages (English, French, German, Spanish, Italian), and requires no account to download.

What’s Inside

The playbook covers practical, sequenced steps for teams without a dedicated security department:

  1. External security posture — the 60-check framework, weighted scoring, and what each grade means
  2. Compliance mapping — turning scan results into NIS2, ISO 27001, and OWASP ASVS evidence
  3. Authentication and access control — MFA, SSO, audit logging, SCIM provisioning
  4. Data protection — encryption requirements, GDPR privacy-by-design, DDQ response templates
  5. Incident response — 24-hour notification workflows for NIS2 compliance
  6. Business continuity — backup, DR testing, and uptime documentation
  7. Supply chain security — subprocessor management and vendor assessment evidence
  8. Vulnerability management — scanning cadence, remediation SLAs, disclosure policies

Use It as a Sales Tool

The playbook doubles as lead generation. Share the download link during enterprise conversations — it positions your company as security-aware before the formal assessment begins. Several early users report attaching the playbook alongside their Deal Report in DDQ responses to provide both specific evidence (the scan) and strategic context (the playbook).

8 Consecutive 100% QA Scores

SaaSFort runs automated quality assurance on every deployment. Two independent test suites — prospect experience (22 criteria) and client experience (36 criteria) — cover the entire user journey from first scan to PDF report generation.

The last eight deployments scored 100% on both suites. Zero regressions, zero broken journeys, zero critical findings.

QA Suite            | Criteria Tested                       | Last 8 Deploys
Prospect experience | 22 criteria + 5 journeys + 6 mobile   | 100% × 8
Client experience   | 36 criteria + 4 journeys + 6 mobile   | 100% × 8

This isn’t a marketing number — it’s the output of real browser-based testing that clicks through every flow, checks every API response, and verifies every page renders correctly at mobile and desktop viewports.

What Gets Tested

  • Homepage, pricing, scan, blog — all return 200, load under 3 seconds
  • Scan flow completes end-to-end: domain input → SSE streaming → results → grade display
  • Stripe checkout loads correctly for all 6 pricing tiers (monthly + annual)
  • Report generation produces multi-page branded PDFs
  • Security headers present on all pages (HSTS, CSP, X-Frame-Options, X-Content-Type-Options)
  • Mobile responsive at 375px viewport — navigation, scan flow, auth, dashboard all usable

By the Numbers: March 2026

Metric                  | Value
Blog articles published | 59
Scanner checks per scan | 60 across 21 categories
Scan time               | < 60 seconds
Pricing tiers           | 6 (3 monthly + 3 annual)
Whitepaper languages    | 5 (EN, FR, DE, ES, IT)
QA score streak         | 8 × 100%
CI/CD endpoints         | 4 (sync gate, async webhook, config snippets, API key management)
Competitor comparisons  | 7 articles (Nessus, Detectify, Intruder, SecurityScorecard, Aikido, HostedScan, Vanta)

What’s Next

April priorities: NIS2 compliance export (audit-ready PDF mapping all findings to Article 21 measures), multi-domain dashboard for teams managing several products, and expanded API documentation. The October 2026 NIS2 enforcement deadline is six months away — every feature we ship between now and then is designed to make compliance evidence automatic, not manual.

FAQ

How do I add SaaSFort to my CI/CD pipeline? Call GET /api/v1/ci/config to get ready-to-paste configuration for GitHub Actions, GitLab CI, or Jenkins. Set your API key as a pipeline secret, configure your minimum grade threshold, and the scan runs automatically on every deploy. The CI/CD integration docs include step-by-step examples.

Is the whitepaper really free? Yes. No paywall, no “schedule a demo” gate. Go to saasfort.com/whitepaper, pick your language, and download. We built it as a resource for the B2B SaaS community — and as a conversation starter during enterprise sales.

What happens if my CI/CD scan fails the grade threshold? The API returns a fail verdict with the current grade and findings. Your pipeline can halt the deployment, send a Slack notification, or log the result — whatever your workflow requires. The async webhook version sends results to your callback URL so you can process them however you want.


Add security scanning to your next deploy. Run a free scan, or grab your API key to integrate SaaSFort into your CI/CD pipeline today.
