Release notes

release_v23.09.2 (latest)

  1. Added SSO integrations
  2. Added prowler importer
  3. Minor bug fixes


  1. Added report generation


  1. Added global rules for Auto Validator and Deduplicator
  2. Added new scanners:
    • GitLab Gemnasium
    • GitLab KICS
    • GitLab Gitleaks
    • GitLab OWASP Zap
    • GitLab Bandit
    • GitLab ESLint
    • GitLab Semgrep


  1. Added possibility to specify Jira issue types
  2. Added Jira priority-severity mapping
  3. Added Jira status mapping
  4. Added possibility to reopen a resolved finding


  1. Added new functionality to the scanner settings: Findings Grouping
  2. Fixed incorrect behavior of the basic deduplicator and autocloser with dependency and URL fields


  1. Resolved an issue where products were being erroneously created with default settings in the common product type, even when the user lacked access to this specific product type.
  2. Addressed the problem with case-sensitive fields in severity mapping.
  3. JWT token expiration date moved from the body to cookies.
  4. Added slicing to metrics.


Resolved the issue causing a bug related to product deletion


  1. RBAC Support:
    • Role-Based Access Control (RBAC) is now supported, providing improved user management and access control.
    • A new "Users and Roles" tab has been added, allowing easy management of users and roles within the portal.
  2. Affected Products field in Auto Validator and Deduplicator rules:
    • Auto Validator and Deduplicator rules now include an "Affected Products" field.
    • Users can associate specific products with rules, granting greater flexibility and customization.
    • Role-based permissions control user interactions with rules based on product availability:
      • A rule is hidden if it has no products available to the user.
      • A rule is viewable and product association management is allowed if at least one product in the rule is available to the user, but rule editing is restricted.
      • Full control is granted if all products in a rule are available to the user.
  3. Tag support for products:
    • Tags can now be added to products from the product's "Options" page, allowing for better organization and categorization of application assets.
  4. New filters on "Product" page:
    • Two new filters, "Tags" and "Not tags," have been introduced on the "Product" page. These filters enable easy searching and filtering of products based on assigned tags, streamlining navigation and management.
  5. AWS Security Hub importer:
    • We are excited to introduce the new AWS Security Hub importer, seamlessly integrating your AWS security ecosystem with the AppSec Portal.
    • Import security findings from AWS Security Hub directly into the portal, enhancing your vulnerability management process.
  6. Enhanced SLA violation filtering:
    • The "SLA Violated" filter has been enhanced to allow filtering findings based on the type of SLA violation.
    • You can now filter findings by Verification SLA violated, Assign SLA violated, or Resolve SLA violated.
  7. Auto Validator and Deduplicator enhancements:
    • The Auto Validator rules now support searching findings based on specified values in the Vulnerable URL and Dependency fields and by Import Source (internal or external, at your option).
    • Deduplicator rules have been enhanced with new criteria to determine the equality of original and duplicate findings: "Same dependency" and "Same vulnerable URL".
    • Additionally, Deduplicator rules now offer the ability to search findings for specified values in the Vulnerable URL and Dependency fields and by Import Source, with the option to choose internal or external finding sources.


  • Added symkey deletion via
  • Changed entrypoint number of threads


  • Resolved the issue causing a bug related to product deletion


  • Metrics added
  • Added possibility to add scanner reports via UI
  • Nuclei importer updated
  • The maximum allowable length for the description in a search result has been increased to 3000 characters.


  • Introducing the new "Scanners" page with enhanced functionality:
    • Added settings for each scanner:
      • Included the auto-closer feature for previously identified findings that are not present in new scanner reports.
      • Implemented a custom Jira description feature for more readable scanner descriptions.
      • Introduced a custom severity mapping feature for mapping severity types specific to each scanner.
  • Additionally, the following new features have been implemented:
    • "Finding" view now includes the ability to insert and delete images in findings, which can be exported to corresponding Jira tasks.
  • New product settings features:
    • Added ability to set product-related tags and push those tags to the corresponding Jira tasks.
    • Added a toggle button to push the product title to Jira task labels.
  • Other changes and improvements include:
    • Added a health check for the back container.
    • Transitioned from using fixtures to migrations.
    • Implemented various minor bug fixes.


  • Implemented minor bug fixes to address various issues.


  • Deployed a hotfix to resolve the Jira authentication issue within the product WRT (Web-based Reporting Tool).


  • Added WRT history for every product with updates every 24 hours.
  • Bug hotfixes and minor improvements.
  • Added toggle button "delete tasks for rejected findings" on the Jira integration page.