Roadmap
SysManage ships in four editions — Community Edition, Professional, Enterprise, and Multi-Tenant SaaS — built from one codebase and one agent. Below is an honest snapshot of what's available today and what we're building next. Dates aren't promises: priorities move with what operators actually need.
Available today
Community Edition
Free, open-source, and self-hosted on a single server and database. A persistent agent for Linux, Windows, macOS, FreeBSD, OpenBSD, and NetBSD; real-time WebSocket monitoring; hardware and software inventory; package and OS update management; user and access management; tagging; firewall status; ad-hoc scripts; reporting; and an audit log.
Professional
Everything in Community Edition, plus scheduled PDF reporting, an expanded audit trail, secrets management backed by OpenBAO, LXD and WSL container management, AI-assisted health analysis, and CIS / DISA STIG compliance auditing.
Enterprise
Everything in Professional, plus CVE vulnerability scanning, alerting to email / webhook / Slack / Teams, antivirus management, firewall orchestration, automation at fleet scale, full VM lifecycle management (KVM, bhyve, and OpenBSD vmm), observability via OpenTelemetry / Grafana / Graylog, multi-factor authentication and external IdP single sign-on, fully air-gapped deployment, and multi-site federation.
Multi-Tenant SaaS
Everything in Enterprise, run as a control plane that hosts isolated tenants — a database per tenant, customer-owned SSO, and per-tenant edition assignment so each tenant can be set to Community, Professional, or Enterprise independently.
On the roadmap
The next stretch closes the gap with established fleet-management tools while keeping our footing as the management-and-remediation plane rather than another agent to babysit. These land in Enterprise unless noted.
Patch & maintenance lifecycle
Errata and advisory management, maintenance windows so updates land when you expect them, OS release-upgrades with end-of-life tracking, and a FIPS-validated build for regulated environments.
Content lifecycle & distribution
Content views and lifecycle environments, so a fixed set of packages and updates can be promoted through dev → staging → production gates instead of every host pulling whatever is newest. Includes a Snap proxy, container-image content, and support for image-mode hosts (bootc / rpm-ostree).
Provisioning & discovery
Stand up new hosts, not just manage existing ones: PXE / kickstart bare-metal provisioning, provisioning VMs on external hypervisors and clouds, and discovering unmanaged machines already on the network.
Configuration management & drift
Desired-state configuration via Ansible at scale, baseline capture with drift detection and one-click remediation, and osquery embedded in the agent as a fact-collection substrate. The raw osquery inventory is part of Community Edition; the curated query-pack management is Professional.
Proactive operations & advisor
Insights-style recommendations scored by risk across your collected facts, CVEs, and configuration state; signature / YARA malware detection; and integrations that meet you where you are — orchestrating Velociraptor for incident response and ingesting Wazuh alerts, rather than replacing tools you already run.
Want the gory detail?
The complete, phase-by-phase engineering roadmap lives in the repository.
Full roadmap on GitHub →