SOC2 CC8 | Vendor Management | Change Management | Deep Prototype

ChangeAttest — Vendor Change Attestation Network

18 seeded vendor-pushed change attestations: Datadog agent upgrade, Stripe API version sunset, AWS IMDSv1 deprecation, Salesforce IP allowlist default ON, Snowflake function behavior change. Each declares scope, blast radius, rollback, SOC2 mapping — before the change ships.


What it is

The inverse of ChangeGuard. Where ChangeGuard tracks your internal changes, ChangeAttest tracks every change your vendors are pushing through your stack — before they deploy. Vendors send the attestation; you accept, reject, or request changes.

What’s in it

  • 18 seeded vendor attestations covering the realistic mix you’d actually see in a SaaS company’s inbox:
    • Datadog APM agent v7.62 rollout (med risk, 10/50/100% phased)
    • Stripe API version sunset (high risk, payment-flow breaking)
    • AWS EBS gp2→gp3 recommendation (low risk)
    • SendGrid IP pool migration (med, completed)
    • Snowflake function behavior change (med — TO_DOUBLE behavior, 3 of your queries affected)
    • Salesforce IP allowlist default ON (high, Spring 26)
    • GitHub Actions runner deprecation (low, ubuntu-20.04)
    • Postmark TLS 1.2+ enforcement (med, completed)
    • Cloudflare Bot Fight Mode default ON (high, rejected)
    • AWS IMDSv1 deprecation (high, 60-day window)
    • Twilio A2P 10DLC re-verification (med, regulatory)
    • Auth0 EU tenant DB migration (high, 12hr maintenance)
    • Slack legacy bot tokens deprecated (med)
    • AWS RDS minor version upgrade (med, completed)
    • Linear OAuth scope rename (low)
    • Sentry sampling adjustments (low)
    • Cloudflare Workers KV deprecation (high)
    • Datadog beta trace ID header rename (cancelled)
  • Per-attestation declared fields: scope summary, blast radius, rollback plan, SOC2 control mapping (CC8.1, CC9.1, CC6.7, CC7.4, CC9.2, etc.), proposed deploy window, risk level.
  • Accept / reject / mark-completed flow — mutates state, accumulates audit trail.
  • Filter by status, risk, free-text. Urgent (<72h) flagged.

Why this shape

When your customer’s procurement team asks “what control do you have over vendor changes that affect your stack?” — the honest answer for most companies is “we read their changelog.” That’s not a control; that’s a hope.

ChangeAttest is the prototype for a different shape: the vendor pushes the attestation, you accept it, the trail is recorded. This is the SOC2 CC8.1 evidence shape for vendor-introduced changes, which is most of the changes that actually break production in a SaaS company.

How it ships

Single HTML file, ~32KB. Zero dependencies. The 18-attestation catalog, status state machine, urgency computation, SOC2 control mapper, and audit trail are 290 lines of vanilla JavaScript.
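
A sketch of the accept / reject / mark-completed flow, the under-72h urgency flag and the accumulating audit trail described above. This is an added example, not the prototype's own code: the status names, field names (`deployWindowStart`, `soc2`, `audit`), the transition table and the sample record are all assumptions.

```javascript
// Added illustration: status names, field names and the transition table are assumptions.
const URGENT_WINDOW_MS = 72 * 60 * 60 * 1000; // the page flags attestations under 72h

// Allowed moves; rejected, completed and cancelled are terminal.
const TRANSITIONS = {
  pending: ["accepted", "rejected", "cancelled"],
  accepted: ["completed", "cancelled"],
  rejected: [],
  completed: [],
  cancelled: [],
};

// Wrap the vendor-declared fields in a record that starts undecided.
function createAttestation(fields) {
  return { ...fields, status: "pending", audit: [] };
}

// Apply one decision. Illegal moves throw, legal ones append an audit entry.
function transition(att, to, actor, now = new Date()) {
  const allowed = TRANSITIONS[att.status] || [];
  if (!allowed.includes(to)) {
    throw new Error(`illegal transition: ${att.status} -> ${to}`);
  }
  const entry = Object.freeze({ at: now.toISOString(), actor, from: att.status, to });
  // Return a copy so earlier states and their trails are never rewritten.
  return { ...att, status: to, audit: [...att.audit, entry] };
}

// Urgent = still undecided and the deploy window opens in under 72 hours
// (a window that has already opened also counts).
function isUrgent(att, now = new Date()) {
  if (att.status !== "pending") return false;
  return new Date(att.deployWindowStart).getTime() - now.getTime() < URGENT_WINDOW_MS;
}

// Constructed sample record, not taken from the prototype's catalog.
const sample = createAttestation({
  id: "sample-001",
  vendor: "AWS",
  summary: "IMDSv1 deprecation",
  risk: "high",
  soc2: ["CC8.1"],
  deployWindowStart: "2026-03-03T00:00:00Z",
});
const decided = transition(sample, "accepted", "secops@example.com", new Date("2026-03-01T00:00:00Z"));
console.log(decided.status, decided.audit);
```

Because every transition returns a new record and rejects moves out of a terminal state, a rejected or completed attestation cannot be silently reopened, which is what makes the trail usable as CC8.1 evidence.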
