ReARM 26.04.90: Visual CEL Builder, Reverse Feature Set Lookup and TEA 0.4.0

2026-04-20

We're excited to announce a major release of ReARM v26.04.90. Detailed information is available on its release view on the ReARM Demo instance.

This release brings a substantial set of new capabilities across policy expression authoring for ReARM Pro, reverse feature set lookups, Transparency Exchange API (TEA) compliance, and download auditability. ReARM Pro installations either have already been upgraded to this version or will be upgraded according to upgrade preferences. ReARM CE users are encouraged to upgrade to benefit from the fixes and new features described below.

Visual CEL Expression Builder

ReARM Pro now ships with a visual CEL expression builder that makes it significantly easier to author trigger and approval conditions. The builder exposes supported macros (including new all-approvals and any-approvals helpers) and provides pasteable options directly from the CEL helper.

As part of this effort, the trigger engine itself has been switched to CEL-based input events, and the old condition resolution logic has been retired. This gives policy authors a single, consistent expression language across trigger inputs, approval gates, and output events.

Reverse Feature Set Lookup

ReARM now supports reverse lookup for branch (or feature set) participation in feature sets. From any branch, you can see which feature sets it participates in directly - without having to open each feature set individually. This makes it much easier to reason about how a branch contributes to broader release groupings and to audit feature set membership across components.

TEA 0.4.0 with Per-Release CLE

ReARM has switched its Transparency Exchange API implementation to TEA 0.4.0, including support for per-release CLE (Common Lifecycle Enumeration). The "get latest artifact by version" TEA endpoint is now implemented, MIME types have been renamed to media types in accordance with the spec.

Artifact Download Logging

ReARM now records a full audit log for download events for artifacts, releases, SBOMs, and VDRs. Download log access is admin-only and is available from the organization settings tab.

Branch Suffix Mode

ReARM now supports configurable branch suffix mode, a new versioning capability that appends a configurable suffix to versions built from non-base branches. Branch suffix mode comes with a flag that controls whether the suffix is appended for non-base branches. An "append except follow version" option is also available for cases where follow-version branches should be excluded from suffixing.

Most Recent Releases Widget

A new Most Recent Releases widget and dedicated page have been added. The widget shows each release's lifecycle and can be opened in a full-page view.

Historical VDR Snapshots via Triggers

In ReARM Pro, VDR snapshots can now be produced via output triggers, so that a VDR is automatically captured when a configured event fires (for example, when a release crosses a specific approval or lifecycle boundary). A new "first scanned" condition type is available for both triggers and VDR exports. In both ReARM Pro and ReARM CE, findings can now also be exported as a CycloneDX BOV.

CycloneDX Component and Release Import

ReARM now supports importing component releases as CycloneDX, including proper parsing of commit details, SHA-256 digests, commit author details, and deliverable attachment.

Additional Highlights

Dependency Updates

This release contains a significant number of dependency updates, including those fixing underlying CVEs in dependencies. ReARM users are encouraged to upgrade to benefit from these fixes.

Release Identification

We are continuing to publish TEIs for all ReARM releases. TEI for this release: urn:tei:purl:demo.rearmhq.com:pkg:github/relizaio/rearm@26.04.90.

← Back to News