What’s New in Q2 2026: More Data-Driven Insights, Expanded Landscape Visibility, and Intelligent Automation to Accelerate Response

At a Glance: Q2 2026 Release Highlights

• New enhanced reporting capabilities and performance metrics across Onapsis Security Advisor and Onapsis Defend to further drive prioritization and identify operational inefficiencies 
• New Onapsis Defend support for SAP Web Dispatcher 
• Next wave of Rapid Controls for Onapsis Defend focused on misconfigurations 
• New automated workflow notifications for Onapsis Control to accelerate response times for urgent requests

Securing complex ERP environments can be challenging, as it requires teams to maintain a proactive security posture that can outpace modern threat actors without creating unnecessary organizational gridlock that impedes business. As the only SAP^® Endorsed App for cybersecurity, Onapsis is uniquely positioned to modernize business-critical application security around what matters most to enterprise defenders: speed and cutting-edge threat intel. 

Our Q2 2026 platform update directly addresses these priorities across our core products. Through the expansion of SAP coverage and updates to current, time-saving security capabilities, our latest innovations focus on helping organizations more efficiently protect their SAP landscapes against accelerating cyberattacks.

To maximize your team’s operational impact, this quarter’s release delivers value across three strategic pillars:

• Greater Efficiency Through Expanded Automation: Eliminate daily friction and accelerate turnaround times with one-click compensating controls launched directly from the vulnerability interface, and automated workflow notifications to accelerate response times for approvers when new SAP transport requests have been submitted.
• Data-Driven Operational Clarity & Posture Insights: Instantly uncover underlying operational gaps and risk exposure trends with advanced performance analytics and a new centralized findings API, enabling your teams to quickly identify process inefficiencies or posture shifts and confidently adapt their remediation and development strategies accordingly. 
• Security for Points of Ingress and Egress: Guard the “front door” of your SAP systems with standalone Web Dispatcher monitoring while locking down code scanning with granular GitHub permissions and automated file-path validation.

Greater Efficiency Through Expanded Automation in Onapsis Defend & Control

Knowing that threat actors are moving faster than ever and security teams continue to be under-resourced, Onapsis is continuing to focus heavily on removing systemic friction from daily workflows and accelerating reaction times for both security and development teams. We continually try to take on the “heavy lifting” so practitioners can shift their focus toward executing high-value risk mitigation tasks.  

• One-Click Risk Mitigation (Defend Rapid Controls Phase 3): After successful launches focused on exploits and over-privileged users, we’re expanding the scope of our Defend Rapid Controls to now auto-cover misconfigurations for our customers. This expansion means when Onapsis Assess identifies an insecure configuration, you can now instantly deploy a bespoke, targeted compensating control in Onapsis Defend to monitor and alert on activity targeting that insecure setting. Rapid Controls are designed to help you quickly address the risk of open vulnerabilities, critical for frameworks like NIS2, by eliminating manual controls configuration overhead. 
• Accelerated Response Times: In Onapsis Control, approvers no longer have to manually check for new requests. They now receive notifications from their SAP Business Workplace as soon as new transport approval requests inside the SAP^® Transport Management System (TMS) have been submitted. The introduction of immediate, automated email or mobile notifications directly drives down response latency for urgent operational tasks.  
• Simplified Code Vulnerability Prioritization: The addition of a new Test Case Category Column in the Control Eclipse Plugin allows developers to instantly filter and sort defects by critical impact areas (e.g., Security, Compliance, Performance) directly within their integrated development environment (IDE), enabling faster remediation of critical issues. 

Data-Driven Operational Clarity & Posture Insights

Empowering your organization to make smart, strategic decisions faster is always a key driver behind our product innovation. This quarter, we are continuing to expand our reporting and metrics capabilities to equip your teams with the high-fidelity insights they need to make informed decisions much more quickly. By surfacing complex landscape trends, these features deliver rapid, centralized visibility into hidden operational issues and security posture shifts that require your attention. This ensures your teams can quickly diagnose underlying problems, confidently pivot their security strategies, and focus their efforts exactly where they will matter most.

• Long-Term Performance & Backlog Trajectory Tracking: Security Advisor’s expanded operational performance reporting provides a macro, multi-month view that instantly exposes systemic remediation bottlenecks, accumulating technical debt, and risk exposure trends. These insights allow your team to quickly identify security posture shifts and realize when a current strategy is falling behind, giving them the exact data needed to confidently pivot vulnerability management workflows to more effectively address risk.   
• Behavioral Anomaly Trending in Defend: Expanded anomaly tracking provides a high-level view of shifting activity patterns across the landscape to instantly expose potential baseline configuration drift or security and access behavioral changes that require immediate attention. 
• Unified Source of Truth for Analytics (Findings API): When disparate internal and external teams collaborate, establishing clear security oversight across all projects in Git is a major challenge. The new Findings API bridges this gap by allowing engineering leaders to seamlessly export Git Repository scan data into external analytics tools.This pipeline extracts granular, code-level vulnerabilities across all repositories, giving you the comprehensive visibility needed to secure your entire development pipeline. 

Security for Points of Ingress and Egress via Onapsis Defend and Control

Securing SAP points of ingress and egress is critical because perimeter gateways and development pipelines are the primary vectors for lateral entry and data exposure. As cyberattacks targeting SAP accelerate, Onapsis is expanding real-time threat monitoring to network entry points while enforcing strict risk boundaries across GitHub development environments.

• Securing the Front Door (Expanded SAP Web Dispatcher Coverage): Because SAP Web Dispatcher sits directly between the internet and internal SAP networks and is responsible for routing traffic, protecting this critical gateway is essential to preventing disruptive Denial of Service attacks and lateral entry into your landscape.  Our existing Assess coverage helps you secure this “front door” by hardening its baseline configuration and reducing the attack surface. Our new Defend support acts as a guard monitoring who goes through it and what they are doing in real time. This dual approach of configuration hardening and real-time monitoring helps make sure your door is locked  and that you’re alerted to any potential intruders so you can respond quickly, before serious negative consequences occur. 
• Hardened GitHub Access Privileges: To significantly strengthen source code repository scanning, Control now accepts fine-grained personal access tokens for GitHub discovery. Unlike classic tokens that demand blanket profile permissions, these credentials limit automated scanning exclusively to targeted repositories, enforce precise feature permissions, and mandate strict annual expiration ceilings.  

Availability 

All features mentioned here will reach general availability (GA) by the end of Q2 2026. Exact GA release dates may vary based on product, capabilities, and release cadence. Contact an Onapsis sales representative or authorized systems integrator for pricing and further details.

FAQs

Q: How to save time with Security Advisor long-term performance analytics?  

A: Traditionally, security analysts could spend hours pulling historical telemetry, merging data spreadsheets, and manually calculating performance trends. Security Advisor eliminates that manual effort by continuously aggregating and computing metrics like your average remediation speed and backlog trajectories for you, and applying AI-driven analysis to automatically evaluate complex, long-term landscape trends. These advanced insights enable your team to draw informed conclusions about system risk and operational gaps much faster. Your analysts can completely bypass the data-wrangling to make smart, strategic decisions and proactively adjust security workflows at speed. As an added benefit, these automated, long-term trend lines give you the perfect boardroom-ready insights to easily demonstrate your program’s ongoing progress and success to leadership.

Q: How to meet NIS2 compliance using Defend Rapid Controls?  

A: Under regulations like NIS2, organizations are mandated to immediately address known software vulnerabilities or establish active compensating controls when direct patching isn’t possible (e.g., waiting for maintenance windows). Defend Rapid Controls support your security and compliance efforts by enabling you to implement very targeted compensating controls with a single click, right from the Assess vulnerability management interface. This means you can address the risk of open vulnerabilities, and meet your regulatory requirements, much faster. 

Q: How does Control integrate with SAP^® TMS? 

A: Control plugs directly into SAP TMS to automatically scan transports before importing ABAP custom code or configuration changes. It checks each request against policies and threat intelligence, empowering teams to automatically block risky transports from ever reaching production. When a transport request is submitted, an approval workflow is started. Approvers now receive instant email or mobile notifications for these pending TMS requests, allowing them to review exceptions and approve changes faster without manually reviewing their task list. 

Q: What test case categories does Control support?

A: Unique in the market and fueled by the Onapsis Research Labs, Onapsis Control equips Application Security and DevSecOps teams with over 600 industry-leading test cases across six primary categories to effectively prioritize code remediation. We enforce rigorous Security checks to identify vulnerabilities that could compromise system integrity, and Compliance checks to ensure adherence to organizational and regulatory policies. The Performance and Robustness categories flag inefficient resource usage and ensure the code can handle unexpected situations without crashing. Finally, Maintainability highlights code that is difficult to read or debug, while Data Loss Prevention focuses on preventing the improper exposure of sensitive information.